{"nessus": [{"lastseen": "2023-05-18T14:57:20", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.(CVE-2012-3400)The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.(CVE-2013-2164)The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.(CVE-2013-2206)The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.(CVE-2013-6282)An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.(CVE-2018-20836)The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.(CVE-2019-11486)The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487)The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.\n This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)A n issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.(CVE-2019-11810)An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.(CVE-2019-11811)A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.(CVE-2018-16880)An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.(CVE-2019-11815)A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.(CVE-2019-3819)A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900)In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the 'sctp_sendmsg()' function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.(CVE-2019-8956)A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem.(CVE-2019-11833)An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.(CVE-2019-12382)An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because ?All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.(CVE-2019-12380)An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers et/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.(CVE-2019- 15925)An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop-i1/4zname, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).(CVE-2019-12614)An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/syset/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.(CVE-2019-18805)A flaw was found in the way PTRACE_TRACEME functionality was handled in the Linux kernel. The kernel's implementation of ptrace can inadvertently grant elevated permissions to an attacker who can then abuse the relationship between the tracer and the process being traced. This flaw could allow a local, unprivileged user to increase their privileges on the system or cause a denial of service.(CVE-2019-13272)An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: This has been disputed as not an issue.(CVE-2019-12378)An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: this is disputed because new_ra is never used if it is NULL.(CVE-2019-12381)An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because 'The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.'.(CVE-2019-12455)An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a ''double fetch'' vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.(CVE-2019-12456)An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info-i1/4zvdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).(CVE-2019-12615)In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.(CVE-2019-13631)A vulnerability was found in the Linux kernelaEURtms floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw may crash the system or allow an attacker to gather information causing subsequent successful attacks.(CVE-2019-14283)check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.(CVE-2019-15118)An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.(CVE-2019-15211)An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.(CVE-2019-15214)An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.(CVE-2019-15218)An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.(CVE-2019-15219)An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the driverset/wireless/intersil/p54/p54usb.c driver.(CVE-2019-15220)An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.(CVE-2019-15221)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9.\n XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.(CVE-2019-15538)An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.(CVE-2019-15666)In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.(CVE-2019-15917)An issue was discovered in the Linux kernel before 5.0.10.\n SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.(CVE-2019-15919)An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10 see the 5.0.11 ChangeLog, which documents a memory leak.(CVE-2019-15920)An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.(CVE-2019-16413)An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).(CVE-2019-3701)A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service(system crash) or execute arbitrary code.(CVE-2019-3846)A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.(CVE-2019-5489)In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9455)A vulnerability was found in the arch/x86/lib/insn-eval.c function in the Linux kernel. An attacker could corrupt the memory due to a flaw in use-after-free access to an LDT entry caused by a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.(CVE-2019-13233)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3400", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-6282", "CVE-2018-16880", "CVE-2018-20836", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-12378", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-12455", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12615", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15214", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-15538", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-15919", "CVE-2019-15920", "CVE-2019-15925", "CVE-2019-16413", "CVE-2019-18805", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-8956", "CVE-2019-9455"], "modified": "2023-01-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1186.NASL", "href": "https://www.tenable.com/plugins/nessus/134387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134387);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/18\");\n\n script_cve_id(\n \"CVE-2012-3400\",\n \"CVE-2013-2164\",\n \"CVE-2013-2206\",\n \"CVE-2013-6282\",\n \"CVE-2018-16880\",\n \"CVE-2018-20836\",\n \"CVE-2019-3701\",\n \"CVE-2019-3819\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-8956\",\n \"CVE-2019-9455\",\n \"CVE-2019-11486\",\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11815\",\n \"CVE-2019-11833\",\n \"CVE-2019-12378\",\n \"CVE-2019-12380\",\n \"CVE-2019-12381\",\n \"CVE-2019-12382\",\n \"CVE-2019-12455\",\n \"CVE-2019-12456\",\n \"CVE-2019-12614\",\n \"CVE-2019-12615\",\n \"CVE-2019-13233\",\n \"CVE-2019-13272\",\n \"CVE-2019-13631\",\n \"CVE-2019-14283\",\n \"CVE-2019-15118\",\n \"CVE-2019-15211\",\n \"CVE-2019-15214\",\n \"CVE-2019-15218\",\n \"CVE-2019-15219\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15292\",\n \"CVE-2019-15538\",\n \"CVE-2019-15666\",\n \"CVE-2019-15807\",\n \"CVE-2019-15917\",\n \"CVE-2019-15919\",\n \"CVE-2019-15920\",\n \"CVE-2019-15925\",\n \"CVE-2019-16413\",\n \"CVE-2019-18805\"\n );\n script_bugtraq_id(\n 54279,\n 60375,\n 60715,\n 63734\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/06\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):Heap-based buffer overflow\n in the udf_load_logicalvol function in fs/udf/super.c\n in the Linux kernel before 3.4.5 allows remote\n attackers to cause a denial of service (system crash)\n or possibly have unspecified other impact via a crafted\n UDF filesystem.(CVE-2012-3400)The\n mmc_ioctl_cdrom_read_data function in\n drivers/cdrom/cdrom.c in the Linux kernel through 3.10\n allows local users to obtain sensitive information from\n kernel memory via a read operation on a malfunctioning\n CD-ROM drive.(CVE-2013-2164)The\n sctp_sf_do_5_2_4_dupcook function in\n net/sctp/sm_statefuns.c in the SCTP implementation in\n the Linux kernel before 3.8.5 does not properly handle\n associations during the processing of a duplicate\n COOKIE ECHO chunk, which allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via crafted SCTP traffic.(CVE-2013-2206)The (1)\n get_user and (2) put_user API functions in the Linux\n kernel before 3.5.5 on the v6k and v7 ARM platforms do\n not validate certain addresses, which allows attackers\n to read or modify the contents of arbitrary kernel\n memory locations via a crafted application, as\n exploited in the wild against Android devices in\n October and November 2013.(CVE-2013-6282)An issue was\n discovered in the Linux kernel before 4.20. There is a\n race condition in smp_task_timedout() and\n smp_task_done() in drivers/scsi/libsas/sas_expander.c,\n leading to a use-after-free.(CVE-2018-20836)The Siemens\n R3964 line discipline driver in drivers/tty/n_r3964.c\n in the Linux kernel before 5.0.8 has multiple race\n conditions.(CVE-2019-11486)The Linux kernel before\n 5.1-rc5 allows page->_refcount reference count\n overflow, with resultant use-after-free issues, if\n about 140 GiB of RAM exists. This is related to\n fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h,\n kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It\n can occur with FUSE requests.(CVE-2019-11487)The\n coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly\n have unspecified other impact by triggering a race\n condition with mmget_not_zero or get_task_mm calls.\n This is related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)A\n n issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes\n a Denial of Service, related to a\n use-after-free.(CVE-2019-11810)An issue was discovered\n in the Linux kernel before 5.0.4. There is a\n use-after-free upon attempted read access to\n /proc/ioports after the ipmi_si module is removed,\n related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c.(CVE-2019-11811)A\n flaw was found in the Linux kernel's handle_rx()\n function in the [vhost_net] driver. A malicious virtual\n guest, under specific conditions, can trigger an\n out-of-bounds write in a kmalloc-8 slab on a virtual\n host which may lead to a kernel memory corruption and a\n system panic. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out. Versions from\n v4.16 and newer are vulnerable.(CVE-2018-16880)An issue\n was discovered in rds_tcp_kill_sock in net/rds/tcp.c in\n the Linux kernel before 5.0.8. There is a race\n condition leading to a use-after-free, related to net\n namespace cleanup.(CVE-2019-11815)A flaw was found in\n the Linux kernel in the function\n hid_debug_events_read() in drivers/hid/hid-debug.c file\n which may enter an infinite loop with certain\n parameters passed from a userspace. A local privileged\n user ('root') can cause a system lock up and a denial\n of service. Versions from v4.18 and newer are\n vulnerable.(CVE-2019-3819)A flaw was found in the Linux\n kernel's vfio interface implementation that permits\n violation of the user's locked memory limit. If a\n device is bound to a vfio driver, such as vfio-pci, and\n the local attacker is administratively granted\n ownership of the device, it may cause a system memory\n exhaustion and thus a denial of service (DoS). Versions\n 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)An\n infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It\n could occur if one end sends packets faster than the\n other end can process them. A guest user, maybe remote\n one, could use this flaw to stall the vhost_net kernel\n thread, resulting in a DoS scenario.(CVE-2019-3900)In\n the Linux Kernel before versions 4.20.8 and 4.19.21 a\n use-after-free error in the 'sctp_sendmsg()' function\n (net/sctp/socket.c) when handling SCTP_SENDALL flag can\n be exploited to corrupt memory.(CVE-2019-8956)A flaw\n was found in the Linux kernel's implementation of ext4\n extent management. The kernel doesn't correctly\n initialize memory regions in the extent tree block\n which may be exported to a local user to obtain\n sensitive information by reading empty/uninitialized\n data from the filesystem.(CVE-2019-11833)An issue was\n discovered in drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c in the Linux kernel\n through 5.1.5. There is an unchecked kstrdup of fwstr,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a\n vulnerability because kstrdup() returning NULL is\n handled sufficiently and there is no chance for a NULL\n pointer dereference.(CVE-2019-12382)An issue was\n discovered in the efi subsystem in the Linux kernel\n through 5.1.5. phys_efi_set_virtual_address_map in\n arch/x86/platform/efi/efi.c and efi_call_phys_prolog in\n arch/x86/platform/efi/efi_64.c mishandle memory\n allocation failures. NOTE: This id is disputed as not\n being an issue because ?All the code touched by the\n referenced commit runs only at boot, before any user\n processes are started. Therefore, there is no\n possibility for an unprivileged user to control\n it.(CVE-2019-12380)An issue was discovered in the Linux\n kernel before 5.2.3. An out of bounds access exists in\n the function hclge_tm_schd_mode_vnet_base_cfg in the\n file drivers\n et/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.(CVE-2019-\n 15925)An issue was discovered in\n dlpar_parse_cc_property in\n arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of\n prop-i1/4zname, which might allow an attacker to cause a\n denial of service (NULL pointer dereference and system\n crash).(CVE-2019-12614)An issue was discovered in\n net/ipv4/sysctl_net_ipv4.c in the Linux kernel before\n 5.0.11. There is a net/ipv4/tcp_input.c signed integer\n overflow in tcp_ack_update_rtt() when userspace writes\n a very large integer to\n /proc/syset/ipv4/tcp_min_rtt_wlen, leading to a denial\n of service or possibly unspecified other impact, aka\n CID-19fad20d15a6.(CVE-2019-18805)A flaw was found in\n the way PTRACE_TRACEME functionality was handled in the\n Linux kernel. The kernel's implementation of ptrace can\n inadvertently grant elevated permissions to an attacker\n who can then abuse the relationship between the tracer\n and the process being traced. This flaw could allow a\n local, unprivileged user to increase their privileges\n on the system or cause a denial of\n service.(CVE-2019-13272)An issue was discovered in\n ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux\n kernel through 5.1.5. There is an unchecked kmalloc of\n new_ra, which might allow an attacker to cause a denial\n of service (NULL pointer dereference and system crash).\n NOTE: This has been disputed as not an\n issue.(CVE-2019-12378)An issue was discovered in\n ip_ra_control in net/ipv4/ip_sockglue.c in the Linux\n kernel through 5.1.5. There is an unchecked kmalloc of\n new_ra, which might allow an attacker to cause a denial\n of service (NULL pointer dereference and system crash).\n NOTE: this is disputed because new_ra is never used if\n it is NULL.(CVE-2019-12381)An issue was discovered in\n sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c\n in the Linux kernel through 5.1.5. There is an\n unchecked kstrndup of derived_name, which might allow\n an attacker to cause a denial of service (NULL pointer\n dereference and system crash). NOTE: This id is\n disputed as not being an issue because 'The memory\n allocation that was not checked is part of a code that\n only runs at boot time, before user processes are\n started. Therefore, there is no possibility for an\n unprivileged user to control it, and no denial of\n service.'.(CVE-2019-12455)An issue was discovered in\n the MPT3COMMAND case in _ctl_ioctl_main in\n drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel\n through 5.1.5. It allows local users to cause a denial\n of service or possibly have unspecified other impact by\n changing the value of ioc_number between two kernel\n reads of that value, aka a ''double fetch''\n vulnerability. NOTE: a third party reports that this is\n unexploitable because the doubly fetched value is not\n used.(CVE-2019-12456)An issue was discovered in\n get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in\n the Linux kernel through 5.1.6. There is an unchecked\n kstrdup_const of node_info-i1/4zvdev_port.name, which\n might allow an attacker to cause a denial of service\n (NULL pointer dereference and system\n crash).(CVE-2019-12615)In parse_hid_report_descriptor\n in drivers/input/tablet/gtco.c in the Linux kernel\n through 5.2.1, a malicious USB device can send an HID\n report that triggers an out-of-bounds write during\n generation of debugging messages.(CVE-2019-13631)A\n vulnerability was found in the Linux kernelaEURtms floppy\n disk driver implementation. A local attacker with\n access to the floppy device could call set_geometry in\n drivers/block/floppy.c, which does not validate the\n sect and head fields, causing an integer overflow and\n out-of-bounds read. This flaw may crash the system or\n allow an attacker to gather information causing\n subsequent successful\n attacks.(CVE-2019-14283)check_input_term in\n sound/usb/mixer.c in the Linux kernel through 5.2.9\n mishandles recursion, leading to kernel stack\n exhaustion.(CVE-2019-15118)An issue was discovered in\n the Linux kernel before 5.2.6. There is a\n use-after-free caused by a malicious USB device in the\n drivers/media/v4l2-core/v4l2-dev.c driver because\n drivers/media/radio/radio-raremono.c does not properly\n allocate memory.(CVE-2019-15211)An issue was discovered\n in the Linux kernel before 5.0.10. There is a\n use-after-free in the sound subsystem because card\n disconnection causes certain data structures to be\n deleted too early. This is related to sound/core/init.c\n and sound/core/info.c.(CVE-2019-15214)An issue was\n discovered in the Linux kernel before 5.1.8. There is a\n NULL pointer dereference caused by a malicious USB\n device in the drivers/media/usb/siano/smsusb.c\n driver.(CVE-2019-15218)An issue was discovered in the\n Linux kernel before 5.1.8. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/usb/misc/sisusbvga/sisusb.c\n driver.(CVE-2019-15219)An issue was discovered in the\n Linux kernel before 5.2.1. There is a use-after-free\n caused by a malicious USB device in the\n driverset/wireless/intersil/p54/p54usb.c\n driver.(CVE-2019-15220)An issue was discovered in the\n Linux kernel before 5.1.17. There is a NULL pointer\n dereference caused by a malicious USB device in the\n sound/usb/line6/pcm.c driver.(CVE-2019-15221)An issue\n was discovered in the Linux kernel before 5.0.9. There\n is a use-after-free in atalk_proc_exit, related to\n net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and\n net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)An\n issue was discovered in xfs_setattr_nonsize in\n fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9.\n XFS partially wedges when a chgrp fails on account of\n being out of disk quota. xfs_setattr_nonsize is failing\n to unlock the ILOCK after the xfs_qm_vop_chown_reserve\n call fails. This is primarily a local DoS attack\n vector, but it might result as well in remote DoS if\n the XFS filesystem is exported for instance via\n NFS.(CVE-2019-15538)An issue was discovered in the\n Linux kernel before 5.0.19. There is an out-of-bounds\n array access in __xfrm_policy_unlink, which will cause\n denial of service, because verify_newpolicy_info in\n net/xfrm/xfrm_user.c mishandles directory\n validation.(CVE-2019-15666)In the Linux kernel before\n 5.1.13, there is a memory leak in\n drivers/scsi/libsas/sas_expander.c when SAS expander\n discovery fails. This will cause a BUG and denial of\n service.(CVE-2019-15807)An issue was discovered in the\n Linux kernel before 5.0.5. There is a use-after-free\n issue when hci_uart_register_dev() fails in\n hci_uart_set_proto() in\n drivers/bluetooth/hci_ldisc.c.(CVE-2019-15917)An issue\n was discovered in the Linux kernel before 5.0.10.\n SMB2_write in fs/cifs/smb2pdu.c has a\n use-after-free.(CVE-2019-15919)An issue was discovered\n in the Linux kernel before 5.0.10. SMB2_read in\n fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was\n not fixed correctly in 5.0.10 see the 5.0.11 ChangeLog,\n which documents a memory leak.(CVE-2019-15920)An issue\n was discovered in the Linux kernel before 5.0.4. The 9p\n filesystem did not protect i_size_write() properly,\n which causes an i_size_read() infinite loop and denial\n of service on SMP systems.(CVE-2019-16413)An issue was\n discovered in can_can_gw_rcv in net/can/gw.c in the\n Linux kernel through 4.19.13. The CAN frame\n modification rules allow bitwise logical operations\n that can be also applied to the can_dlc field. Because\n of a missing check, the CAN drivers may write arbitrary\n content beyond the data registers in the CAN\n controller's I/O memory when processing can-gw\n manipulated outgoing frames. This is related to\n cgw_csum_xor_rel. An unprivileged user can trigger a\n system crash (general protection\n fault).(CVE-2019-3701)A flaw was found in the Linux\n kernel's Marvell wifi chip driver. A heap overflow in\n mwifiex_update_bss_desc_with_ie function in\n marvell/mwifiex/scan.c allows remote attackers to cause\n a denial of service(system crash) or execute arbitrary\n code.(CVE-2019-3846)A new software page cache side\n channel attack scenario was discovered in operating\n systems that implement the very common 'page cache'\n caching mechanism. A malicious user/process could use\n 'in memory' page-cache knowledge to infer access\n timings to shared memory and gain knowledge which can\n be used to reduce effectiveness of cryptographic\n strength by monitoring algorithmic behavior, infer\n access patterns of memory to determine code paths\n taken, and exfiltrate data to a blinded attacker\n through page-granularity access times as a\n side-channel.(CVE-2019-5489)In the Android kernel in\n the video driver there is a kernel pointer leak due to\n a WARN_ON statement. This could lead to local\n information disclosure with System execution privileges\n needed. User interaction is not needed for\n exploitation.(CVE-2019-9455)A vulnerability was found\n in the arch/x86/lib/insn-eval.c function in the Linux\n kernel. An attacker could corrupt the memory due to a\n flaw in use-after-free access to an LDT entry caused by\n a race condition between modify_ldt() and a #BR\n exception for an MPX bounds violation.(CVE-2019-13233)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1186\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d22916d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15292\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h361.eulerosv2r8\"];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:33:10", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.(CVE-2018-20836)The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.(CVE-2019-11190)The Siemens R3964 line discipline driver in drivers/tty_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.(CVE-2019-11486)The Linux kernel before 5.1-rc5 allows page-i1/4z_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487)The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.\n This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)A n issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.(CVE-2019-11810)In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.(CVE-2018-7191)net/ipv6etfilterf_conntrac k_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.(CVE-2012-2744)Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.(CVE-2012-3400)The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.(CVE-2013-2164)The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.(CVE-2013-6282)The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.(CVE-2013-2206)A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product:\n Android. Versions: Android kernel. Android ID:\n A-37351060. References: B-V2017060101.(CVE-2017-0786)An issue was discovered in the Linux kernel before 5.0.4.\n There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.(CVE-2019-11811)Not e1: kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions in EulerOS Virtualization for ARM 64 3.0.2.0 return incorrect time information when executing the uname -a command.Note2: The kernel version number naming format has been changed after 4.19.36-1.2.184.aarch64, the new version format is 4.19.36-vhulk1907.1.0.hxxx.aarch64, which may lead to false positives of this security advisory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1635)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2744", "CVE-2012-3400", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-6282", "CVE-2017-0786", "CVE-2018-20836", "CVE-2018-7191", "CVE-2019-11190", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1635.NASL", "href": "https://www.tenable.com/plugins/nessus/125587", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125587);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2012-2744\",\n \"CVE-2012-3400\",\n \"CVE-2013-2164\",\n \"CVE-2013-2206\",\n \"CVE-2013-6282\",\n \"CVE-2017-0786\",\n \"CVE-2018-20836\",\n \"CVE-2018-7191\",\n \"CVE-2019-11190\",\n \"CVE-2019-11486\",\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\"\n );\n script_bugtraq_id(\n 54279,\n 54367,\n 60375,\n 60715,\n 63734\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1635)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An issue was discovered in\n the Linux kernel before 4.20. There is a race condition\n in smp_task_timedout() and smp_task_done() in\n drivers/scsi/libsas/sas_expander.c, leading to a\n use-after-free.(CVE-2018-20836)The Linux kernel before\n 4.8 allows local users to bypass ASLR on setuid\n programs (such as /bin/su) because install_exec_creds()\n is called too late in load_elf_binary() in\n fs/binfmt_elf.c, and thus the ptrace_may_access() check\n has a race condition when reading\n /proc/pid/stat.(CVE-2019-11190)The Siemens R3964 line\n discipline driver in drivers/tty_r3964.c in the Linux\n kernel before 5.0.8 has multiple race\n conditions.(CVE-2019-11486)The Linux kernel before\n 5.1-rc5 allows page-i1/4z_refcount reference count\n overflow, with resultant use-after-free issues, if\n about 140 GiB of RAM exists. This is related to\n fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h,\n kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It\n can occur with FUSE requests.(CVE-2019-11487)The\n coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly\n have unspecified other impact by triggering a race\n condition with mmget_not_zero or get_task_mm calls.\n This is related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)A\n n issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes\n a Denial of Service, related to a\n use-after-free.(CVE-2019-11810)In the tun subsystem in\n the Linux kernel before 4.13.14, dev_get_valid_name is\n not called before register_netdevice. This allows local\n users to cause a denial of service (NULL pointer\n dereference and panic) via an ioctl(TUNSETIFF) call\n with a dev name containing a / character. This is\n similar to\n CVE-2013-4343.(CVE-2018-7191)net/ipv6etfilterf_conntrac\n k_reasm.c in the Linux kernel before 2.6.34, when the\n nf_conntrack_ipv6 module is enabled, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via certain types of\n fragmented IPv6 packets.(CVE-2012-2744)Heap-based\n buffer overflow in the udf_load_logicalvol function in\n fs/udf/super.c in the Linux kernel before 3.4.5 allows\n remote attackers to cause a denial of service (system\n crash) or possibly have unspecified other impact via a\n crafted UDF filesystem.(CVE-2012-3400)The\n mmc_ioctl_cdrom_read_data function in\n drivers/cdrom/cdrom.c in the Linux kernel through 3.10\n allows local users to obtain sensitive information from\n kernel memory via a read operation on a malfunctioning\n CD-ROM drive.(CVE-2013-2164)The (1) get_user and (2)\n put_user API functions in the Linux kernel before 3.5.5\n on the v6k and v7 ARM platforms do not validate certain\n addresses, which allows attackers to read or modify the\n contents of arbitrary kernel memory locations via a\n crafted application, as exploited in the wild against\n Android devices in October and November\n 2013.(CVE-2013-6282)The sctp_sf_do_5_2_4_dupcook\n function in net/sctp/sm_statefuns.c in the SCTP\n implementation in the Linux kernel before 3.8.5 does\n not properly handle associations during the processing\n of a duplicate COOKIE ECHO chunk, which allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact via crafted SCTP\n traffic.(CVE-2013-2206)A elevation of privilege\n vulnerability in the Broadcom wi-fi driver. Product:\n Android. Versions: Android kernel. Android ID:\n A-37351060. References: B-V2017060101.(CVE-2017-0786)An\n issue was discovered in the Linux kernel before 5.0.4.\n There is a use-after-free upon attempted read access to\n /proc/ioports after the ipmi_si module is removed,\n related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c.(CVE-2019-11811)Not\n e1: kernel-4.19.36-vhulk1907.1.0.h529 and earlier\n versions in EulerOS Virtualization for ARM 64 3.0.2.0\n return incorrect time information when executing the\n uname -a command.Note2: The kernel version number\n naming format has been changed after\n 4.19.36-1.2.184.aarch64, the new version format is\n 4.19.36-vhulk1907.1.0.hxxx.aarch64, which may lead to\n false positives of this security advisory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1635\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9661d030\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android get_user/put_user Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-1.2.159\",\n \"kernel-devel-4.19.36-1.2.159\",\n \"kernel-headers-4.19.36-1.2.159\",\n \"kernel-tools-4.19.36-1.2.159\",\n \"kernel-tools-libs-4.19.36-1.2.159\",\n \"kernel-tools-libs-devel-4.19.36-1.2.159\",\n \"perf-4.19.36-1.2.159\",\n \"python-perf-4.19.36-1.2.159\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-24T14:28:45", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nThis updated advisory text mentions the additional non-security changes and notes the need to install new binary packages.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi connectivity).\n\nCVE-2019-9506\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered a weakness in the Bluetooth pairing protocols, dubbed the 'KNOB attack'. An attacker that is nearby during pairing could use this to weaken the encryption used between the paired devices, and then to eavesdrop on and/or spoof communication between them.\n\nThis update mitigates the attack by requiring a minimum encryption key length of 56 bits.\n\nCVE-2019-11487\n\nJann Horn discovered that the FUSE (Filesystem-in-Userspace) facility could be used to cause integer overflow in page reference counts, leading to a use-after-free. On a system with sufficient physical memory, a local user permitted to create arbitrary FUSE mounts could use this for privilege escalation.\n\nBy default, unprivileged users can only mount FUSE filesystems through fusermount, which limits the number of mounts created and should completely mitigate the issue.\n\nCVE-2019-15211\n\nThe syzkaller tool found a bug in the radio-raremono driver that could lead to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15212\n\nThe syzkaller tool found that the rio500 driver does not work correctly if more than one device is bound to it. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15215\n\nThe syzkaller tool found a bug in the cpia2_usb driver that leads to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15216\n\nThe syzkaller tool found a bug in the yurex driver that leads to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15218\n\nThe syzkaller tool found that the smsusb driver did not validate that USB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15219\n\nThe syzkaller tool found that a device initialisation error in the sisusbvga driver could lead to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15220\n\nThe syzkaller tool found a race condition in the p54usb driver which could lead to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15221\n\nThe syzkaller tool found that the line6 driver did not validate USB devices' maximum packet sizes, which could lead to a heap buffer overrun. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15292\n\nThe Hulk Robot tool found missing error checks in the Appletalk protocol implementation, which could lead to a use-after-free. The security impact of this is unclear.\n\nCVE-2019-15538\n\nBenjamin Moody reported that operations on XFS hung after a chgrp command failed due to a disk quota. A local user on a system using XFS and disk quotas could use this for denial of service.\n\nCVE-2019-15666\n\nThe Hulk Robot tool found an incorrect range check in the network transformation (xfrm) layer, leading to out-of-bounds memory accesses.\nA local user with CAP_NET_ADMIN capability (in any user namespace) could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15807\n\nJian Luo reported that the Serial Attached SCSI library (libsas) did not correctly handle failure to discover devices beyond a SAS expander. This could lead to a resource leak and crash (BUG). The security impact of this is unclear.\n\nCVE-2019-15924\n\nThe Hulk Robot tool found a missing error check in the fm10k Ethernet driver, which could lead to a NULL pointer dereference and crash (BUG/oops). The security impact of this is unclear.\n\nCVE-2019-15926\n\nIt was found that the ath6kl wifi driver did not consistently validate traffic class numbers in received control packets, leading to out-of-bounds memory accesses. A nearby attacker on the same wifi network could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.189-3. This version also includes a fix for Debian bug #930904, and other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9 packages. You will need to use 'apt-get upgrade --with-new-pkgs' or 'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "Debian DLA-1919-2 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0136", "CVE-2019-11487", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-15538", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-9506"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1919.NASL", "href": "https://www.tenable.com/plugins/nessus/128779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1919-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128779);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-0136\", \"CVE-2019-11487\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-15538\", \"CVE-2019-15666\", \"CVE-2019-15807\", \"CVE-2019-15924\", \"CVE-2019-15926\", \"CVE-2019-9506\");\n\n script_name(english:\"Debian DLA-1919-2 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nThis updated advisory text mentions the additional non-security\nchanges and notes the need to install new binary packages.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did\nnot properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi\nconnectivity).\n\nCVE-2019-9506\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen\ndiscovered a weakness in the Bluetooth pairing protocols, dubbed the\n'KNOB attack'. An attacker that is nearby during pairing could use\nthis to weaken the encryption used between the paired devices, and\nthen to eavesdrop on and/or spoof communication between them.\n\nThis update mitigates the attack by requiring a minimum\nencryption key length of 56 bits.\n\nCVE-2019-11487\n\nJann Horn discovered that the FUSE (Filesystem-in-Userspace) facility\ncould be used to cause integer overflow in page reference counts,\nleading to a use-after-free. On a system with sufficient physical\nmemory, a local user permitted to create arbitrary FUSE mounts could\nuse this for privilege escalation.\n\nBy default, unprivileged users can only mount FUSE\nfilesystems through fusermount, which limits the number of\nmounts created and should completely mitigate the issue.\n\nCVE-2019-15211\n\nThe syzkaller tool found a bug in the radio-raremono driver that could\nlead to a use-after-free. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-15212\n\nThe syzkaller tool found that the rio500 driver does not work\ncorrectly if more than one device is bound to it. An attacker able to\nadd USB devices could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15215\n\nThe syzkaller tool found a bug in the cpia2_usb driver that leads to a\nuse-after-free. An attacker able to add and remove USB devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-15216\n\nThe syzkaller tool found a bug in the yurex driver that leads to a\nuse-after-free. An attacker able to add and remove USB devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-15218\n\nThe syzkaller tool found that the smsusb driver did not validate that\nUSB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use\nthis to cause a denial of service (BUG/oops).\n\nCVE-2019-15219\n\nThe syzkaller tool found that a device initialisation error in the\nsisusbvga driver could lead to a NULL pointer dereference. An attacker\nable to add USB devices could use this to cause a denial of service\n(BUG/oops).\n\nCVE-2019-15220\n\nThe syzkaller tool found a race condition in the p54usb driver which\ncould lead to a use-after-free. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-15221\n\nThe syzkaller tool found that the line6 driver did not validate USB\ndevices' maximum packet sizes, which could lead to a heap buffer\noverrun. An attacker able to add USB devices could use this to cause a\ndenial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-15292\n\nThe Hulk Robot tool found missing error checks in the Appletalk\nprotocol implementation, which could lead to a use-after-free. The\nsecurity impact of this is unclear.\n\nCVE-2019-15538\n\nBenjamin Moody reported that operations on XFS hung after a chgrp\ncommand failed due to a disk quota. A local user on a system using XFS\nand disk quotas could use this for denial of service.\n\nCVE-2019-15666\n\nThe Hulk Robot tool found an incorrect range check in the network\ntransformation (xfrm) layer, leading to out-of-bounds memory accesses.\nA local user with CAP_NET_ADMIN capability (in any user namespace)\ncould use this to cause a denial of service (memory corruption or\ncrash) or possibly for privilege escalation.\n\nCVE-2019-15807\n\nJian Luo reported that the Serial Attached SCSI library (libsas) did\nnot correctly handle failure to discover devices beyond a SAS\nexpander. This could lead to a resource leak and crash (BUG). The\nsecurity impact of this is unclear.\n\nCVE-2019-15924\n\nThe Hulk Robot tool found a missing error check in the fm10k Ethernet\ndriver, which could lead to a NULL pointer dereference and crash\n(BUG/oops). The security impact of this is unclear.\n\nCVE-2019-15926\n\nIt was found that the ath6kl wifi driver did not consistently validate\ntraffic class numbers in received control packets, leading to\nout-of-bounds memory accesses. A nearby attacker on the same wifi\nnetwork could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.189-3. This version also includes a fix for Debian bug #930904,\nand other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9\npackages. You will need to use 'apt-get upgrade --with-new-pkgs' or\n'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.189-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:15", "description": "Rebase to the v5.1 kernel series\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-7ec378191e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-3846"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-7EC378191E.NASL", "href": "https://www.tenable.com/plugins/nessus/125746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-7ec378191e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125746);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-12378\", \"CVE-2019-12379\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-3846\");\n script_xref(name:\"FEDORA\", value:\"2019-7ec378191e\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-7ec378191e)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to the v5.1 kernel series\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ec378191e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-12378\", \"CVE-2019-12379\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-3846\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-7ec378191e\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-5.1.6-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-5.1.6-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-5.1.6-200.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:16", "description": "Update to v5.1.7\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-10T00:00:00", "type": "nessus", "title": "Fedora 30 : kernel / kernel-headers (2019-f40bd7826f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-12454", "CVE-2019-12455", "CVE-2019-3846"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-F40BD7826F.NASL", "href": "https://www.tenable.com/plugins/nessus/125790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-f40bd7826f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125790);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-12378\", \"CVE-2019-12379\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12454\", \"CVE-2019-12455\", \"CVE-2019-3846\");\n script_xref(name:\"FEDORA\", value:\"2019-f40bd7826f\");\n\n script_name(english:\"Fedora 30 : kernel / kernel-headers (2019-f40bd7826f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to v5.1.7\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f40bd7826f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-12378\", \"CVE-2019-12379\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12454\", \"CVE-2019-12455\", \"CVE-2019-3846\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-f40bd7826f\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kernel-5.1.7-300.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"kernel-headers-5.1.7-300.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:41", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2019-2.0-0160", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815"], "modified": "2019-05-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0160_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/125396", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0160. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125396);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/05/30 11:03:54\");\n\n script_cve_id(\"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11815\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2019-2.0-0160\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-160.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.173-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-tools-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.173-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-21T16:49:36", "description": "USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue.\n\nWe apologize for the inconvenience.\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19985", "CVE-2018-20784", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3900", "CVE-2019-9506"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1023-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1042-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1042-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1044-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1045-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1048-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1057-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-62-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-62-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-62-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4115-2.NASL", "href": "https://www.tenable.com/plugins/nessus/128680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4115-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128680);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2018-19985\",\n \"CVE-2018-20784\",\n \"CVE-2019-0136\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-13631\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-14763\",\n \"CVE-2019-15090\",\n \"CVE-2019-15211\",\n \"CVE-2019-15212\",\n \"CVE-2019-15214\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15218\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15292\",\n \"CVE-2019-3701\",\n \"CVE-2019-3819\",\n \"CVE-2019-3900\",\n \"CVE-2019-9506\"\n );\n script_xref(name:\"USN\", value:\"4115-2\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu\n18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update,\na regression was introduced that caused a kernel crash when handling\nfragmented packets in some situations. This update addresses the\nissue.\n\nWe apologize for the inconvenience.\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed\ndriver in the Linux kernel did not properly validate metadata received\nfrom the device. A physically proximate attacker could use this to\ncause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the\nCFS Linux kernel process scheduler. A local attacker could possibly\nuse this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux\nkernel did not properly validate certain Tunneled Direct Link Setup\n(TDLS). A physically proximate attacker could use this to cause a\ndenial of service (Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local\nattacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could be exposed by the implementation of connection-less\nnetwork protocols in the Linux kernel. A remote attacker could\npossibly use this to assist in the exploitation of another\nvulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability\nexisted in the LSI Logic MegaRAID driver in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux\nkernel did not properly bounds check the initial HID report sent by\nthe device. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly\nvalidate sent signals in some situations on PowerPC systems with\ntransactional memory disabled. A local attacker could use this to\ncause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare\nUSB3 DRD Controller device driver in the Linux kernel. A physically\nproximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic\nQEDI iSCSI Initiator Driver in the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information (kernel\nmemory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in\nthe Linux kernel did not properly allocate memory, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500\ndevice driver for the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux\nSound Architecture (ALSA) subsystem of the Linux kernel, leading to a\npotential use-after-free. A physically proximate attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2\nvideo4linux device driver for the Linux kernel, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB\nPrism54 device driver in the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAppleTalk implementation in the Linux kernel if an error occurs during\ninitialization. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen\ndiscovered that the Bluetooth protocol BR/EDR specification did not\nproperly require sufficiently strong encryption key lengths. A\nphysically proximate attacker could use this to expose sensitive\ninformation. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX\ndevice driver in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in\nthe Linux kernel made improper assumptions about the device\ncharacteristics. A physically proximate attacker could use this cause\na denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux\nkernel did not properly validate data size information from the\ndevice. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in\nsome situations did not properly restrict the field size when\nprocessing outgoing frames. A local attacker with CAP_NET_ADMIN\nprivileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux\nkernel's HID subsystem did not properly validate passed parameters in\nsome situations. A local privileged attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4115-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15292\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1023-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1042-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1042-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1044-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1045-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1048-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1057-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-62-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-62-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-62-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-62',\n 'generic-lpae': '4.15.0-62',\n 'lowlatency': '4.15.0-62',\n 'oracle': '4.15.0-1023',\n 'gcp': '4.15.0-1042',\n 'aws': '4.15.0-1048',\n 'azure': '4.15.0-1057'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-62',\n 'generic-lpae': '4.15.0-62',\n 'lowlatency': '4.15.0-62',\n 'oracle': '4.15.0-1023',\n 'gke': '4.15.0-1042',\n 'kvm': '4.15.0-1044',\n 'raspi2': '4.15.0-1045',\n 'aws': '4.15.0-1048'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4115-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list();\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4115-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:04", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4746 advisory.\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.\n (CVE-2019-12378)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL. (CVE-2019-12381)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. (CVE-2019-13631)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.\n (CVE-2019-13272)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125", "CVE-2019-11833", "CVE-2019-12378", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-13272", "CVE-2019-13631"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-4746.NASL", "href": "https://www.tenable.com/plugins/nessus/127985", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4746.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127985);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-1125\",\n \"CVE-2019-11833\",\n \"CVE-2019-12378\",\n \"CVE-2019-12381\",\n \"CVE-2019-12382\",\n \"CVE-2019-13272\",\n \"CVE-2019-13631\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0284-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0285-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0290-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-4746 advisory.\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the\n extent tree block, which might allow local users to obtain sensitive information by reading uninitialized\n data in the filesystem. (CVE-2019-11833)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel\n through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.\n (CVE-2019-12378)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel\n through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used\n if it is NULL. (CVE-2019-12381)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to\n 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a\n malicious USB device can send an HID report that triggers an out-of-bounds write during generation of\n debugging messages. (CVE-2019-13631)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the\n Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as\n not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance\n for a NULL pointer dereference. (CVE-2019-12382)\n\n - In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the\n credentials of a process that wants to create a ptrace relationship, which allows local users to obtain\n root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops\n privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an\n object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of\n a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper\n with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.\n (CVE-2019-13272)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4746.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.4.8.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4746');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.4.8.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:49:55", "description": "Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4115-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19985", "CVE-2018-20784", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3900", "CVE-2019-9506"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1022-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1041-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1041-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1043-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1044-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1056-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-60-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-60-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-60-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4115-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128475", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4115-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128475);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2018-19985\",\n \"CVE-2018-20784\",\n \"CVE-2019-0136\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-13631\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-14763\",\n \"CVE-2019-15090\",\n \"CVE-2019-15211\",\n \"CVE-2019-15212\",\n \"CVE-2019-15214\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15218\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15292\",\n \"CVE-2019-3701\",\n \"CVE-2019-3819\",\n \"CVE-2019-3900\",\n \"CVE-2019-9506\"\n );\n script_xref(name:\"USN\", value:\"4115-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4115-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Hui Peng and Mathias Payer discovered that the Option USB High Speed\ndriver in the Linux kernel did not properly validate metadata received\nfrom the device. A physically proximate attacker could use this to\ncause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the\nCFS Linux kernel process scheduler. A local attacker could possibly\nuse this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel wifi device driver in the Linux\nkernel did not properly validate certain Tunneled Direct Link Setup\n(TDLS). A physically proximate attacker could use this to cause a\ndenial of service (wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local\nattacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could exposed by the implementation of connection-less\nnetwork protocols in the Linux kernel. A remote attacker could\npossibly use this to assist in the exploitation of another\nvulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability\nexisted in the LSI Logic MegaRAID driver in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux\nkernel did not properly bounds check the initial HID report sent by\nthe device. A physically proximate attacker could use to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly\nvalidate sent signals in some situations on PowerPC systems with\ntransactional memory disabled. A local attacker could use this to\ncause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare\nUSB3 DRD Controller device driver in the Linux kernel. A physically\nproximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic\nQEDI iSCSI Initiator Driver in the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information (kernel\nmemory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in\nthe Linux kernel did not properly allocate memory, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500\ndevice driver for the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux\nSound Architecture (ALSA) subsystem of the Linux kernel, leading to a\npotential use-after-free. A physically proximate attacker could use\nthis to cause a denial of service (system crash) pro possibly execute\narbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2\nvideo4linux device driver for the Linux kernel, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB\nPrism54 device driver in the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAppletalk implementation in the Linux kernel if an error occurs during\ninitialization. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen\ndiscovered that the Bluetooth protocol BR/EDR specification did not\nproperly require sufficiently strong encryption key lengths. A\nphysicall proximate attacker could use this to expose sensitive\ninformation. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX\ndevice driver in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in\nthe Linux kernel made improper assumptions about the device\ncharacteristics. A physically proximate attacker could use this cause\na denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux\nkernel did not properly validate data size information from the\ndevice. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in\nsome situations did not properly restrict the field size when\nprocessing outgoing frames. A local attacker with CAP_NET_ADMIN\nprivileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux\nkernel's HID subsystem did not properly validate passed parameters in\nsome situations. A local privileged attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4115-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15292\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1022-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1041-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1041-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1043-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1044-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1056-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-60-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-60-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-60-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-60',\n 'generic-lpae': '4.15.0-60',\n 'lowlatency': '4.15.0-60',\n 'oracle': '4.15.0-1022',\n 'gcp': '4.15.0-1041',\n 'azure': '4.15.0-1056'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-60',\n 'generic-lpae': '4.15.0-60',\n 'lowlatency': '4.15.0-60',\n 'oracle': '4.15.0-1022',\n 'gke': '4.15.0-1041',\n 'kvm': '4.15.0-1043',\n 'raspi2': '4.15.0-1044'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4115-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2018-19985', 'CVE-2018-20784', 'CVE-2019-0136', 'CVE-2019-3701', 'CVE-2019-3819', 'CVE-2019-3900', 'CVE-2019-9506', 'CVE-2019-10207', 'CVE-2019-10638', 'CVE-2019-10639', 'CVE-2019-11487', 'CVE-2019-11599', 'CVE-2019-11810', 'CVE-2019-13631', 'CVE-2019-13648', 'CVE-2019-14283', 'CVE-2019-14284', 'CVE-2019-14763', 'CVE-2019-15090', 'CVE-2019-15211', 'CVE-2019-15212', 'CVE-2019-15214', 'CVE-2019-15215', 'CVE-2019-15216', 'CVE-2019-15218', 'CVE-2019-15220', 'CVE-2019-15221', 'CVE-2019-15292');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4115-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:01", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to 4.12.14 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC processing power.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash).\n(bnc#1136586)\n\nCVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access.\n(bnc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\\0' character. (bnc#1134848)\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1536-1) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1536-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125997", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1536-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125997);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-7191\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\",\n \"CVE-2019-10124\",\n \"CVE-2019-11085\",\n \"CVE-2019-11477\",\n \"CVE-2019-11479\",\n \"CVE-2019-11486\",\n \"CVE-2019-11487\",\n \"CVE-2019-11815\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1536-1) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to 4.12.14 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted such that\none can trigger an integer overflow, leading to a kernel panic.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment\nits responses into multiple TCP segments. This would drastically\nincreased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC\nprocessing power.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and\npossibly escalate privileges was found in the mwifiex kernel module\nwhile connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-12382: An issue was discovered in drm_load_edid_firmware in\ndrivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an\nunchecked kstrdup of fwstr, which might have allowed an attacker to\ncause a denial of service (NULL pointer dereference and system crash).\n(bnc#1136586)\n\nCVE-2019-11487: The Linux kernel allowed page reference count\noverflow, with resultant use-after-free issues, if about 140 GiB of\nRAM existed. It could have occured with FUSE requests. (bnc#1133190)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the\nLinux kernel allowed local attackers to observe page cache access\npatterns of other processes on the same system, potentially allowing\nsniffing of secret information. (Fixing this affects the output of the\nfincore program.) Limited remote exploitation may have been possible,\nas demonstrated by latency differences in accessing public files from\nan Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out\nthe unused memory region in the extent tree block, which might have\nallowed local users to obtain sensitive information by reading\nuninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel,\ndev_get_valid_name was not called before register_netdevice. This\nallowed local users to cause a denial of service (NULL pointer\ndereference and panic) via an ioctl(TUNSETIFF) call with a dev name\ncontaining a / character. (bnc#1135603)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in\ni915 Graphics for Linux may have allowed an authenticated user to\npotentially enable escalation of privilege via local access.\n(bnc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\nnet/rds/tcp.c in the Linux kernel There was a race condition leading\nto a use-after-free, related to net namespace cleanup. (bnc#1134537)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in\nnet/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to\nobtain potentially sensitive information from kernel stack memory via\na hidPCONNADD command, because a name field may not end with a '\\0'\ncharacter. (bnc#1134848)\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in\ndrivers/tty/n_r3964.c in the Linux kernel had multiple race\nconditions. (bnc#1133188)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130409\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7191/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10124/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11085/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11479/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11486/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11487/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11833/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12382/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3846/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5489/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191536-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2198bf22\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1536=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-3846\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-6.15.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:18", "description": "The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575)\n\nCVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses.\nForcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#)\n\nCVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935)\n\nCVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.\n(bnc#1134395)\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.\n(bnc#1133738)\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n(bnc#)\n\nCVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194)\n\nCVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291)\n\nCVE-2019-12456 a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922).\n\nCVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.\nNOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#)\n\nCVE-2019-11487: The Linux kernel allowed page-_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1823-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-12380", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1823-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1823-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126688);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-20836\",\n \"CVE-2019-10126\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-12380\",\n \"CVE-2019-12456\",\n \"CVE-2019-12614\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1823-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: In the Linux kernel, a device could be tracked by an\nattacker using the IP ID values the kernel produces for\nconnection-less protocols (e.g., UDP and ICMP). When such traffic was\nsent to multiple destination IP addresses, it was possible to obtain\nhash collisions (of indices to the counter array) and thereby obtain\nthe hashing key (via enumeration). An attack may be conducted by\nhosting a crafted web page that uses WebRTC or gQUIC to force UDP\ntraffic to attacker-controlled IP addresses. (bnc#1140575)\n\nCVE-2019-10639: The Linux kernel allowed Information Exposure (partial\nkernel address disclosure), leading to a KASLR bypass. Specifically,\nit was possible to extract the KASLR kernel image offset using the IP\nID values the kernel produces for connection-less protocols (e.g., UDP\nand ICMP). When such traffic was sent to multiple destination IP\naddresses, it was possible to obtain hash collisions (of indices to\nthe counter array) and thereby obtain the hashing key (via\nenumeration). This key contains enough bits from a kernel address (of\na static variable) so when the key was extracted (via enumeration),\nthe offset of the kernel image is exposed. This attack can be carried\nout remotely, by the attacker forcing the target device to send UDP or\nICMP (or certain other) traffic to attacker-controlled IP addresses.\nForcing a server to send UDP traffic is trivial if the server is a DNS\nserver. ICMP traffic is trivial if the server answers ICMP Echo\nrequests (ping). For client targets, if the target visited the\nattacker's web page, then WebRTC or gQUIC could be used to force UDP\ntraffic to attacker-controlled IP addresses. NOTE: this attack against\nKASLR became viable because IP ID generation was changed to have a\ndependency on an address associated with a network namespace. (bnc#)\n\nCVE-2019-10126: A flaw was found in the Linux kernel that might lead\nto memory corruption in the marvell mwifiex driver. (bnc#1136935)\n\nCVE-2018-20836: An issue was discovered in the Linux kernel There was\na race condition in smp_task_timedout() and smp_task_done() in\ndrivers/scsi/libsas/sas_expander.c, leading to a use-after-free.\n(bnc#1134395)\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did\nnot use locking or other mechanisms to prevent vma layout or vma flags\nchanges while it ran, which allowed local users to obtain sensitive\ninformation, cause a denial of service, or possibly have unspecified\nother impact by triggering a race condition with mmget_not_zero or\nget_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,\nfs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.\n(bnc#1133738)\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in\narch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was\nan unchecked kstrdup of prop-name, which might allow an attacker to\ncause a denial of service (NULL pointer dereference and system crash).\n(bnc#)\n\nCVE-2019-12818: An issue was discovered in the Linux kernel The\nnfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return\nNULL. If the caller did not check for this, it will trigger a NULL\npointer dereference. This will cause denial of service. This affects\nnfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194)\n\nCVE-2019-12819: An issue was discovered in the Linux kernel The\nfunction __mdiobus_register() in drivers/net/phy/mdio_bus.c called\nput_device(), which would trigger a fixed_mdio_bus_init\nuse-after-free. This would cause a denial of service. (bnc#1138291)\n\nCVE-2019-12456 a double-fetch bug in _ctl_ioctl_main() could allow\nlocal users to create a denial of service (bsc#1136922).\n\nCVE-2019-12380: An issue was discovered in the efi subsystem in the\nLinux kernel phys_efi_set_virtual_address_map in\narch/x86/platform/efi/efi.c and efi_call_phys_prolog in\narch/x86/platform/efi/efi_64.c mishandle memory allocation failures.\nNOTE: This id is disputed as not being an issue because All the code\ntouched by the referenced commit runs only at boot, before any user\nprocesses are started. Therefore, there is no possibility for an\nunprivileged user to control it. (bnc#)\n\nCVE-2019-11487: The Linux kernel allowed page-_refcount reference\ncount to overflow, with resultant use-after-free issues, if about 140\nGiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c,\nfs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h,\nkernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with\nFUSE requests. (bnc#1133190)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20836/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10126/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10638/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11487/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11599/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12380/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12614/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12819/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191823-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1e15fc1\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1823=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1823=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1823=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1823=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1823=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_117-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.117.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.117.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.117.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.117.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.117.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.117.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.117.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.117.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:29", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).\n\nCVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), that lead to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses.\nForcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).\n\nCVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935).\n\nCVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm call. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).\n\nCVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service (bnc#1138291).\n\nCVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause a denial of service. This affected nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).\n\nCVE-2019-12456: A double-fetch bug in _ctl_ioctl_main() could lead to a local denial of service attack (bsc#1136922 CVE-2019-12456).\n\nCVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.\nNOTE: This id is disputed as not being an issue because ;All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it (bnc#1136598).\n\nCVE-2019-11487: The Linux kernel before allowed page-_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests (bnc#1133190 1133191).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1852-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-12380", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1852-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126742", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1852-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126742);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-20836\",\n \"CVE-2019-10126\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-12380\",\n \"CVE-2019-12456\",\n \"CVE-2019-12614\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1852-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: In the Linux kernel, a device could be tracked by an\nattacker using the IP ID values the kernel produces for\nconnection-less protocols (e.g., UDP and ICMP). When such traffic was\nsent to multiple destination IP addresses, it was possible to obtain\nhash collisions (of indices to the counter array) and thereby obtain\nthe hashing key (via enumeration). An attack may have been conducted\nby hosting a crafted web page that uses WebRTC or gQUIC to force UDP\ntraffic to attacker-controlled IP addresses (bnc#1140575 1140577).\n\nCVE-2019-10639: The Linux kernel allowed Information Exposure (partial\nkernel address disclosure), that lead to a KASLR bypass. Specifically,\nit was possible to extract the KASLR kernel image offset using the IP\nID values the kernel produces for connection-less protocols (e.g., UDP\nand ICMP). When such traffic is sent to multiple destination IP\naddresses, it was possible to obtain hash collisions (of indices to\nthe counter array) and thereby obtain the hashing key (via\nenumeration). This key contains enough bits from a kernel address (of\na static variable) so when the key is extracted (via enumeration), the\noffset of the kernel image is exposed. This attack could be carried\nout remotely, by the attacker forcing the target device to send UDP or\nICMP (or certain other) traffic to attacker-controlled IP addresses.\nForcing a server to send UDP traffic is trivial if the server is a DNS\nserver. ICMP traffic is trivial if the server answers ICMP Echo\nrequests (ping). For client targets, if the target visited the\nattacker's web page, then WebRTC or gQUIC could be used to force UDP\ntraffic to attacker-controlled IP addresses. NOTE: this attack against\nKASLR became viable because IP ID generation was changed to have a\ndependency on an address associated with a network namespace\n(bnc#1140577).\n\nCVE-2019-10126: A flaw was found in the Linux kernel. A heap based\nbuffer overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory\ncorruption and possibly other consequences (bnc#1136935).\n\nCVE-2018-20836: An issue was discovered in the Linux kernel There was\na race condition in smp_task_timedout() and smp_task_done() in\ndrivers/scsi/libsas/sas_expander.c, leading to a use-after-free\n(bnc#1134395).\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did\nnot use locking or other mechanisms to prevent vma layout or vma flags\nchanges while it ran, which allowed local users to obtain sensitive\ninformation, cause a denial of service, or possibly have unspecified\nother impact by triggering a race condition with mmget_not_zero or\nget_task_mm call. This is related to fs/userfaultfd.c, mm/mmap.c,\nfs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c\n(bnc#1131645 1133738).\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in\narch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was\nan unchecked kstrdup of prop-name, which might have allowed an\nattacker to cause a denial of service (NULL pointer dereference and\nsystem crash) (bnc#1137194).\n\nCVE-2019-12819: An issue was discovered in the Linux kernel The\nfunction __mdiobus_register() in drivers/net/phy/mdio_bus.c calls\nput_device(), which would trigger a fixed_mdio_bus_init\nuse-after-free. This would cause a denial of service (bnc#1138291).\n\nCVE-2019-12818: An issue was discovered in the Linux kernel The\nnfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return\nNULL. If the caller did not check for this, it would trigger a NULL\npointer dereference. This would cause a denial of service. This\naffected nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).\n\nCVE-2019-12456: A double-fetch bug in _ctl_ioctl_main() could lead to\na local denial of service attack (bsc#1136922 CVE-2019-12456).\n\nCVE-2019-12380: An issue was discovered in the efi subsystem in the\nLinux kernel phys_efi_set_virtual_address_map in\narch/x86/platform/efi/efi.c and efi_call_phys_prolog in\narch/x86/platform/efi/efi_64.c mishandle memory allocation failures.\nNOTE: This id is disputed as not being an issue because ;All the code\ntouched by the referenced commit runs only at boot, before any user\nprocesses are started. Therefore, there is no possibility for an\nunprivileged user to control it (bnc#1136598).\n\nCVE-2019-11487: The Linux kernel before allowed page-_refcount\nreference count overflow, with resultant use-after-free issues, if\nabout 140 GiB of RAM exists. This is related to fs/fuse/dev.c,\nfs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h,\nkernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with\nFUSE requests (bnc#1133190 1133191).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131335\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20836/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10126/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10638/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11487/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11599/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12380/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12614/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12819/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191852-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f06a8621\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-1852=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-1852=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1852=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2019-1852=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-1852=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.100.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.100.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.100.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.100.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.100.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.100.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.100.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.100.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:23", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-06-24T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2019-1.0-0236", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20836", "CVE-2019-11190", "CVE-2019-11810", "CVE-2019-11815"], "modified": "2020-01-09T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0236_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/126121", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0236. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126121);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/09\");\n\n script_cve_id(\n \"CVE-2018-20836\",\n \"CVE-2019-11190\",\n \"CVE-2019-11810\",\n \"CVE-2019-11815\"\n );\n script_bugtraq_id(\n 107890,\n 108196,\n 108283,\n 108286\n );\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2019-1.0-0236\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-236.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.180-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.180-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.180-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:10", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4729 advisory.\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.\n (CVE-2019-12378)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL. (CVE-2019-12381)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20169", "CVE-2019-11833", "CVE-2019-12378", "CVE-2019-12381"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4729.NASL", "href": "https://www.tenable.com/plugins/nessus/127613", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4729.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127613);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2018-20169\",\n \"CVE-2019-11833\",\n \"CVE-2019-12378\",\n \"CVE-2019-12381\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4729)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4729 advisory.\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during\n the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the\n extent tree block, which might allow local users to obtain sensitive information by reading uninitialized\n data in the filesystem. (CVE-2019-11833)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel\n through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.\n (CVE-2019-12378)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel\n through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used\n if it is NULL. (CVE-2019-12381)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4729.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.29.3.el6uek', '4.1.12-124.29.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4729');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.29.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.29.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.29.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.29.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.29.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.29.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.29.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.29.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.29.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.29.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.29.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.29.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:20", "description": "The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here :\n\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate\n-info rmation/SA00233-microcode-update-guidance_05132019.\n(bsc#1103186)CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here :\n\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate\n-info rmation/SA00233-microcode-update-guidance_05132019.\n(bsc#1111331)CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586)\n\nCVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699).\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188)\n\nCVE-2019-11811: An issue was discovered in the Linux kernel There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397)\n\nCVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests.\n(bsc#1133190)\n\nCVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\\0' character. (bsc#1134848)\n\nCVE-2019-9500: An issue was discovered that lead to brcmfmac heap buffer overflow. (bsc#1132681)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access.\n(bsc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278)\n\nCVE-2018-16880: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may have lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bsc#1122767)\n\nCVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291)\n\nCVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permitted violation of the user's locked memory limit. If a device was bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may have caused a system memory exhaustion and thus a denial of service (DoS). (bsc#1131427)\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424)\n\nCVE-2019-8564: An issue was discoved which meant that brcmfmac frame validation could be bypassed. (bsc#1132673)\n\nCVE-2019-9503: An issue was discoved which meant that brcmfmac frame validation could be bypassed. (bsc#1132828)\n\nCVE-2019-9003: In the Linux kernel, attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop. (bsc#1126704)\n\nCVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC processing power.\n\nCVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103).\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).\n\nCVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263).\n\nCVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).\n\nCVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).\n\nCVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).\n\nCVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero.\n(bnc#1143189)\n\nCVE-2019-12456: An issue was discovered in the MPT3COMMAND case in\n_ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability.\nNOTE: a third-party reports that this is unexploitable because the doubly fetched value is not used. (bsc#1136922)\n\nCVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.\n(bsc#1136598)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16871", "CVE-2018-16880", "CVE-2018-20836", "CVE-2018-20855", "CVE-2018-7191", "CVE-2019-10124", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11091", "CVE-2019-1125", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12380", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12817", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-13233", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-8564", "CVE-2019-9003", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-extra", "p-cpe:/a:novell:suse_linux:kernel-rt-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-livepatch", "p-cpe:/a:novell:suse_linux:kernel-rt-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-base", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:kselftests-kmp-rt", "p-cpe:/a:novell:suse_linux:kselftests-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2430-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2430-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129284);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-5753\",\n \"CVE-2018-7191\",\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2018-16871\",\n \"CVE-2018-16880\",\n \"CVE-2018-20836\",\n \"CVE-2018-20855\",\n \"CVE-2019-1125\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-5489\",\n \"CVE-2019-8564\",\n \"CVE-2019-9003\",\n \"CVE-2019-9500\",\n \"CVE-2019-9503\",\n \"CVE-2019-10124\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11085\",\n \"CVE-2019-11091\",\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11486\",\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11815\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-12380\",\n \"CVE-2019-12382\",\n \"CVE-2019-12456\",\n \"CVE-2019-12614\",\n \"CVE-2019-12817\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\",\n \"CVE-2019-13233\",\n \"CVE-2019-13631\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0324\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store\nBuffer Data Sampling (MSBDS): Stored buffers on some microprocessors\nutilizing speculative execution which may have allowed an\nauthenticated user to potentially enable information disclosure via a\nside channel with local access. A list of impacted products can be\nfound here :\n\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate\n-info rmation/SA00233-microcode-update-guidance_05132019.\n(bsc#1103186)CVE-2019-11091: Microarchitectural Data Sampling\nUncacheable Memory (MDSUM): Uncacheable memory on some microprocessors\nutilizing speculative execution may have allowed an authenticated user\nto potentially enable information disclosure via a side channel with\nlocal access. A list of impacted products can be found here :\n\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate\n-info rmation/SA00233-microcode-update-guidance_05132019.\n(bsc#1111331)CVE-2019-12382: An issue was discovered in\ndrm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux\nkernel There was an unchecked kstrdup of fwstr, which might allow an\nattacker to cause a denial of service (NULL pointer dereference and\nsystem crash). (bsc#1136586)\n\nCVE-2019-10124: An issue was discovered in the hwpoison implementation\nin mm/memory-failure.c in the Linux kernel. When\nsoft_offline_in_use_page() runs on a thp tail page after pmd is split,\nan attacker could cause a denial of service (bsc#1130699).\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in\ndrivers/tty/n_r3964.c in the Linux kernel has multiple race\nconditions. (bsc#1133188)\n\nCVE-2019-11811: An issue was discovered in the Linux kernel There was\na use-after-free upon attempted read access to /proc/ioports after the\nipmi_si module was removed, related to\ndrivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c,\nand drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397)\n\nCVE-2019-11487: The Linux kernel allowed page reference count\noverflow, with resultant use-after-free issues, if about 140 GiB of\nRAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\ninclude/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c,\nmm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests.\n(bsc#1133190)\n\nCVE-2019-12818: The nfc_llcp_build_tlv function in\nnet/nfc/llcp_commands.c may return NULL. If the caller does not check\nfor this, it will trigger a NULL pointer dereference. This will cause\ndenial of service. This used to affect nfc_llcp_build_gb in\nnet/nfc/llcp_core.c. (bsc#1138293)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out\nthe unused memory region in the extent tree block, which might allow\nlocal users to obtain sensitive information by reading uninitialized\ndata in the filesystem. (bsc#1135281)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the\nLinux kernel allowed local attackers to observe page cache access\npatterns of other processes on the same system, potentially allowing\nsniffing of secret information. (Fixing this affects the output of the\nfincore program.) Limited remote exploitation may be possible, as\ndemonstrated by latency differences in accessing public files from an\nApache HTTP Server. (bsc#1120843)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel,\ndev_get_valid_name was not called before register_netdevice. This\nallowed local users to cause a denial of service (NULL pointer\ndereference and panic) via an ioctl(TUNSETIFF) call with a dev name\ncontaining a / character. (bsc#1135603)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in\nnet/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to\nobtain potentially sensitive information from kernel stack memory via\na hidPCONNADD command, because a name field may not end with a '\\0'\ncharacter. (bsc#1134848)\n\nCVE-2019-9500: An issue was discovered that lead to brcmfmac heap\nbuffer overflow. (bsc#1132681)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in\nIntel(R) i915 Graphics for Linux may have allowed an authenticated\nuser to potentially enable escalation of privilege via local access.\n(bsc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\nnet/rds/tcp.c in the Linux kernel There was a race condition leading\nto a use-after-free, related to net namespace cleanup. (bsc#1135278)\n\nCVE-2018-16880: A flaw was found in the Linux kernel's handle_rx()\nfunction in the [vhost_net] driver. A malicious virtual guest, under\nspecific conditions, could trigger an out-of-bounds write in a\nkmalloc-8 slab on a virtual host which may have lead to a kernel\nmemory corruption and a system panic. Due to the nature of the flaw,\nprivilege escalation cannot be fully ruled out. (bsc#1122767)\n\nCVE-2019-12819: The function __mdiobus_register() called put_device(),\nwhich triggered a fixed_mdio_bus_init use-after-free. This would cause\na denial of service. (bsc#1138291)\n\nCVE-2019-3882: A flaw was found in the Linux kernel's vfio interface\nimplementation that permitted violation of the user's locked memory\nlimit. If a device was bound to a vfio driver, such as vfio-pci, and\nthe local attacker is administratively granted ownership of the\ndevice, it may have caused a system memory exhaustion and thus a\ndenial of service (DoS). (bsc#1131427)\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and\npossibly escalate privileges was found in the mwifiex kernel module\nwhile connecting to a malicious wireless network. (bsc#1136424)\n\nCVE-2019-8564: An issue was discoved which meant that brcmfmac frame\nvalidation could be bypassed. (bsc#1132673)\n\nCVE-2019-9503: An issue was discoved which meant that brcmfmac frame\nvalidation could be bypassed. (bsc#1132828)\n\nCVE-2019-9003: In the Linux kernel, attackers could trigger a\ndrivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by\narranging for certain simultaneous execution of the code, as\ndemonstrated by a 'service ipmievd restart' loop. (bsc#1126704)\n\nCVE-2017-5753: Systems with microprocessors utilizing speculative\nexecution and branch prediction may have allowed unauthorized\ndisclosure of information to an attacker with local user access via a\nside-channel analysis.\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs\nwhich will fragment the TCP retransmission queue. An attacker may have\nbeen able to further exploit the fragmented queue to cause an\nexpensive linked-list walk for subsequent SACKs received for that same\nTCP connection.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment\nits responses into multiple TCP segments. This would drastically\nincreased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC\nprocessing power.\n\nCVE-2018-16871: A NULL pointer dereference due to an anomalized NFS\nmessage sequence was fixed. (bnc#1137103).\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in\narch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup\nof prop->name, which might allow an attacker to cause a denial of\nservice (NULL pointer dereference and system crash) (bnc#1137194).\n\nCVE-2019-12817: On the PowerPC architecture, local attackers could\naccess other users processes memory (bnc#1138263).\n\nCVE-2018-20836: An issue was discovered in the Linux kernel There was\na race condition in smp_task_timedout() and smp_task_done() in\ndrivers/scsi/libsas/sas_expander.c, leading to a use-after-free\n(bnc#1134395).\n\nCVE-2019-10638: In the Linux kernel, a device could be tracked by an\nattacker using the IP ID values the kernel produces for\nconnection-less protocols (e.g., UDP and ICMP). When such traffic was\nsent to multiple destination IP addresses, it was possible to obtain\nhash collisions (of indices to the counter array) and thereby obtain\nthe hashing key (via enumeration). An attack may have been conducted\nby hosting a crafted web page that uses WebRTC or gQUIC to force UDP\ntraffic to attacker-controlled IP addresses (bnc#1140575 1140577).\n\nCVE-2019-10639: The Linux kernel allowed Information Exposure (partial\nkernel address disclosure), leading to a KASLR bypass. Specifically,\nit was possible to extract the KASLR kernel image offset using the IP\nID values the kernel produces for connection-less protocols (e.g., UDP\nand ICMP). When such traffic was sent to multiple destination IP\naddresses, it was possible to obtain hash collisions (of indices to\nthe counter array) and thereby obtain the hashing key (via\nenumeration). This key contains enough bits from a kernel address (of\na static variable) so when the key was extracted (via enumeration),\nthe offset of the kernel image was exposed. This attack could be\ncarried out remotely, by the attacker forcing the target device to\nsend UDP or ICMP (or certain other) traffic to attacker-controlled IP\naddresses. Forcing a server to send UDP traffic is trivial if the\nserver is a DNS server. ICMP traffic is trivial if the server answers\nICMP Echo requests (ping). For client targets, if the target visits\nthe attacker's web page, then WebRTC or gQUIC can be used to force UDP\ntraffic to attacker-controlled IP addresses. NOTE: this attack against\nKASLR became viable because IP ID generation was changed to have a\ndependency on an address associated with a network namespace\n(bnc#1140577).\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did\nnot use locking or other mechanisms to prevent vma layout or vma flags\nchanges while it ran, which allowed local users to obtain sensitive\ninformation, cause a denial of service, or possibly have unspecified\nother impact by triggering a race condition with mmget_not_zero or\nget_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,\nfs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c\n(bnc#1131645 1133738).\n\nCVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there\nwas a use-after-free for access to an LDT entry because of a race\ncondition between modify_ldt() and a #BR exception for an MPX bounds\nviolation (bnc#1140454).\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In\ncreate_qp_common in drivers/infiniband/hw/mlx5/qp.c,\nmlx5_ib_create_qp_resp was never initialized, resulting in a leak of\nstack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS\n(bsc#1139358).\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL\npointer dereference could occur when megasas_create_frame_pool()\nfailed in megasas_alloc_cmds() in\ndrivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of\nService, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13631: In parse_hid_report_descriptor in\ndrivers/input/tablet/gtco.c in the Linux kernel, a malicious USB\ndevice could send an HID report that triggered an out-of-bounds write\nduring generation of debugging messages. (bnc#1142023)\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when\nhardware transactional memory was disabled, a local user could cause a\ndenial of service (TM Bad Thing exception and system crash) via a\nsigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-14283: In the Linux kernel, set_geometry in\ndrivers/block/floppy.c did not validate the sect and head fields, as\ndemonstrated by an integer overflow and out-of-bounds read. It could\nbe triggered by an unprivileged local user when a floppy disk was\ninserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allows a\ndenial of service by setup_format_params division-by-zero.\n(bnc#1143189)\n\nCVE-2019-12456: An issue was discovered in the MPT3COMMAND case in\n_ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux. It\nallows local users to cause a denial of service or possibly have\nunspecified other impact by changing the value of ioc_number between\ntwo kernel reads of that value, aka a 'double fetch' vulnerability.\nNOTE: a third-party reports that this is unexploitable because the\ndoubly fetched value is not used. (bsc#1136922)\n\nCVE-2019-12380: An issue was discovered in the efi subsystem in the\nLinux kernel phys_efi_set_virtual_address_map in\narch/x86/platform/efi/efi.c and efi_call_phys_prolog in\narch/x86/platform/efi/efi_64.c mishandle memory allocation failures.\n(bsc#1136598)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135335\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142359\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143507\");\n # https://www.intel.com/content/dam/www/public/us/en/documents/corporate-info\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64f2f453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-5753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12126/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12127/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12130/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16871/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16880/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20836/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20855/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7191/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10124/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10638/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11085/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11091/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1125/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11478/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11479/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11486/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11487/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11599/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11810/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11811/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11833/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12380/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12382/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12614/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12817/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12819/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13631/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13648/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14283/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3846/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3882/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5489/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8564/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9003/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9500/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9503/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192430-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e3998d9\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1:zypper in -t patch\nSUSE-SLE-Module-RT-15-SP1-2019-2430=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2430=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-3846\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-livepatch-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-livepatch-devel-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-livepatch-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-livepatch-devel-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-livepatch-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-livepatch-devel-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-livepatch-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-livepatch-devel-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-debuginfo-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-4.12.14-14.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-source-rt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:09", "description": "It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4069-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4069-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126950);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4069-1\");\n\n script_name(english:\"Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4069-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4069-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-aws\", pkgver:\"5.0.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-gcp\", pkgver:\"5.0.0-1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-kvm\", pkgver:\"5.0.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1012-azure\", pkgver:\"5.0.0-1012.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1013-raspi2\", pkgver:\"5.0.0-1013.13\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1017-snapdragon\", pkgver:\"5.0.0-1017.18\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-generic\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-generic-lpae\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-lowlatency\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-aws\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1012.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gke\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.0.0.1013.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.0.0.1017.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.0.0.21.22\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:47:12", "description": "USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4069-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-23-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-23-lowlatency", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4069-2.NASL", "href": "https://www.tenable.com/plugins/nessus/127792", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4069-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127792);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\"\n );\n script_xref(name:\"USN\", value:\"4069-2\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4069-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4069-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11487\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-23-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-23-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.0.0': {\n 'generic': '5.0.0-23',\n 'generic-lpae': '5.0.0-23',\n 'lowlatency': '5.0.0-23'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4069-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2019-11487', 'CVE-2019-11599', 'CVE-2019-11833', 'CVE-2019-11884');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4069-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:10", "description": "The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC processing power.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash).\n(bnc#1136586)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access.\n(bnc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\\0' character. (bnc#1134848)\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)\n\nCVE-2019-10124: An attacker could exploit an issue in the hwpoison implementation to cause a denial of service (BUG). (bsc#1130699)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1535-1) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-azure", "p-cpe:/a:novell:suse_linux:dlm-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-azure", "p-cpe:/a:novell:suse_linux:gfs2-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-azure-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-extra", "p-cpe:/a:novell:suse_linux:kernel-azure-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-livepatch", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "p-cpe:/a:novell:suse_linux:kselftests-kmp-azure", "p-cpe:/a:novell:suse_linux:kselftests-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1535-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1535-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125996);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-7191\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\",\n \"CVE-2019-10124\",\n \"CVE-2019-11085\",\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11486\",\n \"CVE-2019-11487\",\n \"CVE-2019-11815\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1535-1) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted such that\none can trigger an integer overflow, leading to a kernel panic.\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs\nwhich will fragment the TCP retransmission queue. An attacker may have\nbeen able to further exploit the fragmented queue to cause an\nexpensive linked-list walk for subsequent SACKs received for that same\nTCP connection.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment\nits responses into multiple TCP segments. This would drastically\nincreased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC\nprocessing power.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and\npossibly escalate privileges was found in the mwifiex kernel module\nwhile connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-12382: An issue was discovered in drm_load_edid_firmware in\ndrivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an\nunchecked kstrdup of fwstr, which might have allowed an attacker to\ncause a denial of service (NULL pointer dereference and system crash).\n(bnc#1136586)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the\nLinux kernel allowed local attackers to observe page cache access\npatterns of other processes on the same system, potentially allowing\nsniffing of secret information. (Fixing this affects the output of the\nfincore program.) Limited remote exploitation may have been possible,\nas demonstrated by latency differences in accessing public files from\nan Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11487: The Linux kernel allowed page reference count\noverflow, with resultant use-after-free issues, if about 140 GiB of\nRAM existed. It could have occured with FUSE requests. (bnc#1133190)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out\nthe unused memory region in the extent tree block, which might have\nallowed local users to obtain sensitive information by reading\nuninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel,\ndev_get_valid_name was not called before register_netdevice. This\nallowed local users to cause a denial of service (NULL pointer\ndereference and panic) via an ioctl(TUNSETIFF) call with a dev name\ncontaining a / character. (bnc#1135603)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in\ni915 Graphics for Linux may have allowed an authenticated user to\npotentially enable escalation of privilege via local access.\n(bnc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\nnet/rds/tcp.c in the Linux kernel There was a race condition leading\nto a use-after-free, related to net namespace cleanup. (bnc#1134537)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in\nnet/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to\nobtain potentially sensitive information from kernel stack memory via\na hidPCONNADD command, because a name field may not end with a '\\0'\ncharacter. (bnc#1134848)\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in\ndrivers/tty/n_r3964.c in the Linux kernel had multiple race\nconditions. (bnc#1133188)\n\nCVE-2019-10124: An attacker could exploit an issue in the hwpoison\nimplementation to cause a denial of service (BUG). (bsc#1130699)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7191/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10124/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11085/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11478/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11479/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11486/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11487/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11833/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12382/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3846/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5489/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191535-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbfc0625\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Public Cloud 15:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-15-2019-1535=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1535=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-3846\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-livepatch-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-livepatch-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-4.12.14-5.30.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-debuginfo-4.12.14-5.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:37", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC processing power.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash).\n(bnc#1136586)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access.\n(bnc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (bnc#1134848)\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1529-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1529-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125991);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-7191\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\",\n \"CVE-2019-10124\",\n \"CVE-2019-11085\",\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11486\",\n \"CVE-2019-11487\",\n \"CVE-2019-11815\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted such that\none can trigger an integer overflow, leading to a kernel panic.\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs\nwhich will fragment the TCP retransmission queue. An attacker may have\nbeen able to further exploit the fragmented queue to cause an\nexpensive linked-list walk for subsequent SACKs received for that same\nTCP connection.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment\nits responses into multiple TCP segments. This would drastically\nincreased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC\nprocessing power.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and\npossibly escalate privileges was found in the mwifiex kernel module\nwhile connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-12382: An issue was discovered in drm_load_edid_firmware in\ndrivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an\nunchecked kstrdup of fwstr, which might have allowed an attacker to\ncause a denial of service (NULL pointer dereference and system crash).\n(bnc#1136586)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the\nLinux kernel allowed local attackers to observe page cache access\npatterns of other processes on the same system, potentially allowing\nsniffing of secret information. (Fixing this affects the output of the\nfincore program.) Limited remote exploitation may have been possible,\nas demonstrated by latency differences in accessing public files from\nan Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11487: The Linux kernel allowed page reference count\noverflow, with resultant use-after-free issues, if about 140 GiB of\nRAM existed. It could have occured with FUSE requests. (bnc#1133190)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out\nthe unused memory region in the extent tree block, which might have\nallowed local users to obtain sensitive information by reading\nuninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel,\ndev_get_valid_name was not called before register_netdevice. This\nallowed local users to cause a denial of service (NULL pointer\ndereference and panic) via an ioctl(TUNSETIFF) call with a dev name\ncontaining a / character. (bnc#1135603)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in\ni915 Graphics for Linux may have allowed an authenticated user to\npotentially enable escalation of privilege via local access.\n(bnc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\nnet/rds/tcp.c in the Linux kernel There was a race condition leading\nto a use-after-free, related to net namespace cleanup. (bnc#1134537)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in\nnet/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to\nobtain potentially sensitive information from kernel stack memory via\na HIDPCONNADD command, because a name field may not end with a '\\0'\ncharacter. (bnc#1134848)\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in\ndrivers/tty/n_r3964.c in the Linux kernel had multiple race\nconditions. (bnc#1133188)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7191/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10124/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11085/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11478/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11479/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11486/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11487/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11833/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12382/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3846/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5489/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191529-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?364f5e0a\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2019-1529=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1529=1\n\nSUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch\nSUSE-SLE-Module-Live-Patching-15-2019-1529=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-1529=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2019-1529=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1529=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2019-1529=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-3846\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:01", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC processing power.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash).\n(bnc#1136586)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access.\n(bnc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\\0' character. (bnc#1134848)\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1530-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125992", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1530-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125992);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-7191\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\",\n \"CVE-2019-10124\",\n \"CVE-2019-11085\",\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11486\",\n \"CVE-2019-11487\",\n \"CVE-2019-11815\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted such that\none can trigger an integer overflow, leading to a kernel panic.\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs\nwhich will fragment the TCP retransmission queue. An attacker may have\nbeen able to further exploit the fragmented queue to cause an\nexpensive linked-list walk for subsequent SACKs received for that same\nTCP connection.\n\nCVE-2019-11479: An attacker could force the Linux kernel to segment\nits responses into multiple TCP segments. This would drastically\nincreased the bandwidth required to deliver the same amount of data.\nFurther, it would consume additional resources such as CPU and NIC\nprocessing power.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and\npossibly escalate privileges was found in the mwifiex kernel module\nwhile connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-12382: An issue was discovered in drm_load_edid_firmware in\ndrivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an\nunchecked kstrdup of fwstr, which might have allowed an attacker to\ncause a denial of service (NULL pointer dereference and system crash).\n(bnc#1136586)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the\nLinux kernel allowed local attackers to observe page cache access\npatterns of other processes on the same system, potentially allowing\nsniffing of secret information. (Fixing this affects the output of the\nfincore program.) Limited remote exploitation may have been possible,\nas demonstrated by latency differences in accessing public files from\nan Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11487: The Linux kernel allowed page reference count\noverflow, with resultant use-after-free issues, if about 140 GiB of\nRAM existed. It could have occured with FUSE requests. (bnc#1133190)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out\nthe unused memory region in the extent tree block, which might have\nallowed local users to obtain sensitive information by reading\nuninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2018-7191: In the tun subsystem in the Linux kernel,\ndev_get_valid_name was not called before register_netdevice. This\nallowed local users to cause a denial of service (NULL pointer\ndereference and panic) via an ioctl(TUNSETIFF) call with a dev name\ncontaining a / character. (bnc#1135603)\n\nCVE-2019-11085: Insufficient input validation in Kernel Mode Driver in\ni915 Graphics for Linux may have allowed an authenticated user to\npotentially enable escalation of privilege via local access.\n(bnc#1135278)\n\nCVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\nnet/rds/tcp.c in the Linux kernel There was a race condition leading\nto a use-after-free, related to net namespace cleanup. (bnc#1134537)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in\nnet/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to\nobtain potentially sensitive information from kernel stack memory via\na hidPCONNADD command, because a name field may not end with a '\\0'\ncharacter. (bnc#1134848)\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in\ndrivers/tty/n_r3964.c in the Linux kernel had multiple race\nconditions. (bnc#1133188)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130409\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7191/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10124/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11085/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11478/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11479/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11486/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11487/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11833/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12382/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3846/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5489/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191530-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa540a2e\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-1530=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1530=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1530=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-1530=1\n\nSUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch\nSUSE-SLE-HA-12-SP4-2019-1530=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1530=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-3846\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.12.14-95.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-4.12.14-95.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:35", "description": "It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "Ubuntu 19.04 : linux-aws vulnerabilities (USN-4117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10126", "CVE-2019-10638", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-3846", "CVE-2019-3900"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4117-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128477);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-10126\", \"CVE-2019-10638\", \"CVE-2019-12984\", \"CVE-2019-13233\", \"CVE-2019-13272\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3846\", \"CVE-2019-3900\");\n script_xref(name:\"USN\", value:\"4117-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 19.04 : linux-aws vulnerabilities (USN-4117-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-10126)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nIt was discovered that a NULL pointer dereference vulnerability\nexisted in the Near-field communication (NFC) implementation in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux\nkernel when accessing LDT entries in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux\nkernel did not properly record credentials in some situations. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly gain administrative privileges. (CVE-2019-13272)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nIt was discovered that the Marvell Wireless LAN device driver in the\nLinux kernel did not properly validate the BSS descriptor. A local\nattacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4117-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-5.0-aws and / or linux-image-aws\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-10126\", \"CVE-2019-10638\", \"CVE-2019-12984\", \"CVE-2019-13233\", \"CVE-2019-13272\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3846\", \"CVE-2019-3900\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4117-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1014-aws\", pkgver:\"5.0.0-1014.16\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-aws\", pkgver:\"5.0.0.1014.15\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-aws / linux-image-aws\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:23", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.(CVE-2018-16871)An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.(CVE-2018-20855)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass.\n Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace.(CVE-2019-10639)** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.(CVE-2019-12378)**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because ?All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.?.(CVE-2019-12380)** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.(CVE-2019-12381)** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.(CVE-2019-12456)An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in netfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in netfc/llcp_core.c.(CVE-2019-12818)An issue was discovered in the Linux kernel before 5.0. The function\n __mdiobus_register() in driverset/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.(CVE-2019-12819)A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in netfcetlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.(CVE-2019-12984)In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE:\n SELinux deny_ptrace might be a usable workaround in some environments.(CVE-2019-13272)In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.(CVE-2019-13631)In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14283)In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14284)In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.(CVE-2019-14763)An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.(CVE-2019-15211)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system.(CVE-2019-16994)Note:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions in EulerOS Virtualization for ARM 64 3.0.2.0 return incorrect time information when executing the uname -a command.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-20855", "CVE-2018-20856", "CVE-2019-10639", "CVE-2019-12378", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15211", "CVE-2019-15292", "CVE-2019-16994"], "modified": "2023-01-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1926.NASL", "href": "https://www.tenable.com/plugins/nessus/128929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128929);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-20855\",\n \"CVE-2018-20856\",\n \"CVE-2019-10639\",\n \"CVE-2019-12378\",\n \"CVE-2019-12380\",\n \"CVE-2019-12381\",\n \"CVE-2019-12456\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\",\n \"CVE-2019-12984\",\n \"CVE-2019-13272\",\n \"CVE-2019-13631\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-14763\",\n \"CVE-2019-15211\",\n \"CVE-2019-15292\",\n \"CVE-2019-16994\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc. Security Fix(es):A flaw was found in the\n Linux kernel's NFS implementation, all versions 3.x and\n all versions 4.x up to 4.20. An attacker, who is able\n to mount an exported NFS filesystem, is able to trigger\n a null pointer dereference by using an invalid NFS\n sequence. This can panic the machine and deny access to\n the NFS server. Any outstanding disk writes to the NFS\n server will be lost.(CVE-2018-16871)An issue was\n discovered in the Linux kernel before 4.18.7. In\n create_qp_common in drivers/infiniband/hw/mlx5/qp.c,\n mlx5_ib_create_qp_resp was never initialized, resulting\n in a leak of stack memory to\n userspace.(CVE-2018-20855)An issue was discovered in\n the Linux kernel before 4.18.7. In block/blk-core.c,\n there is an __blk_drain_queue() use-after-free because\n a certain error case is mishandled.(CVE-2018-20856)The\n Linux kernel 4.x (starting from 4.1) and 5.x before\n 5.0.8 allows Information Exposure (partial kernel\n address disclosure), leading to a KASLR bypass.\n Specifically, it is possible to extract the KASLR\n kernel image offset using the IP ID values the kernel\n produces for connection-less protocols (e.g., UDP and\n ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and\n thereby obtain the hashing key (via enumeration). This\n key contains enough bits from a kernel address (of a\n static variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is\n exposed. This attack can be carried out remotely, by\n the attacker forcing the target device to send UDP or\n ICMP (or certain other) traffic to attacker-controlled\n IP addresses. Forcing a server to send UDP traffic is\n trivial if the server is a DNS server. ICMP traffic is\n trivial if the server answers ICMP Echo requests\n (ping). For client targets, if the target visits the\n attacker's web page, then WebRTC or gQUIC can be used\n to force UDP traffic to attacker-controlled IP\n addresses. NOTE: this attack against KASLR became\n viable in 4.1 because IP ID generation was changed to\n have a dependency on an address associated with a\n network namespace.(CVE-2019-10639)** DISPUTED ** An\n issue was discovered in ip6_ra_control in\n net/ipv6/ipv6_sockglue.c in the Linux kernel through\n 5.1.5. There is an unchecked kmalloc of new_ra, which\n might allow an attacker to cause a denial of service\n (NULL pointer dereference and system crash). NOTE: This\n has been disputed as not an\n issue.(CVE-2019-12378)**DISPUTED** An issue was\n discovered in the efi subsystem in the Linux kernel\n through 5.1.5. phys_efi_set_virtual_address_map in\n arch/x86/platform/efi/efi.c and efi_call_phys_prolog in\n arch/x86/platform/efi/efi_64.c mishandle memory\n allocation failures. NOTE: This id is disputed as not\n being an issue because ?All the code touched by the\n referenced commit runs only at boot, before any user\n processes are started. Therefore, there is no\n possibility for an unprivileged user to control\n it.?.(CVE-2019-12380)** DISPUTED ** An issue was\n discovered in ip_ra_control in net/ipv4/ip_sockglue.c\n in the Linux kernel through 5.1.5. There is an\n unchecked kmalloc of new_ra, which might allow an\n attacker to cause a denial of service (NULL pointer\n dereference and system crash). NOTE: this is disputed\n because new_ra is never used if it is\n NULL.(CVE-2019-12381)** DISPUTED ** An issue was\n discovered in the MPT3COMMAND case in _ctl_ioctl_main\n in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux\n kernel through 5.1.5. It allows local users to cause a\n denial of service or possibly have unspecified other\n impact by changing the value of ioc_number between two\n kernel reads of that value, aka a 'double fetch'\n vulnerability. NOTE: a third party reports that this is\n unexploitable because the doubly fetched value is not\n used.(CVE-2019-12456)An issue was discovered in the\n Linux kernel before 4.20.15. The nfc_llcp_build_tlv\n function in netfc/llcp_commands.c may return NULL. If\n the caller does not check for this, it will trigger a\n NULL pointer dereference. This will cause denial of\n service. This affects nfc_llcp_build_gb in\n netfc/llcp_core.c.(CVE-2019-12818)An issue was\n discovered in the Linux kernel before 5.0. The function\n __mdiobus_register() in driverset/phy/mdio_bus.c calls\n put_device(), which will trigger a fixed_mdio_bus_init\n use-after-free. This will cause a denial of\n service.(CVE-2019-12819)A NULL pointer dereference\n vulnerability in the function\n nfc_genl_deactivate_target() in netfcetlink.c in the\n Linux kernel before 5.1.13 can be triggered by a\n malicious user-mode program that omits certain NFC\n attributes, leading to denial of\n service.(CVE-2019-12984)In the Linux kernel before\n 5.1.17, ptrace_link in kernel/ptrace.c mishandles the\n recording of the credentials of a process that wants to\n create a ptrace relationship, which allows local users\n to obtain root access by leveraging certain scenarios\n with a parent-child process relationship, where a\n parent drops privileges and calls execve (potentially\n allowing control by an attacker). One contributing\n factor is an object lifetime issue (which can also\n cause a panic). Another contributing factor is\n incorrect marking of a ptrace relationship as\n privileged, which is exploitable through (for example)\n Polkit's pkexec helper with PTRACE_TRACEME. NOTE:\n SELinux deny_ptrace might be a usable workaround in\n some environments.(CVE-2019-13272)In\n parse_hid_report_descriptor in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 5.2.1, a malicious USB device can send an HID report\n that triggers an out-of-bounds write during generation\n of debugging messages.(CVE-2019-13631)In the Linux\n kernel through 5.2.1 on the powerpc platform, when\n hardware transactional memory is disabled, a local user\n can cause a denial of service (TM Bad Thing exception\n and system crash) via a sigreturn() system call that\n sends a crafted signal frame. This affects\n arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)In the\n Linux kernel before 5.2.3, set_geometry in\n drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and\n out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been\n inserted. NOTE: QEMU creates the floppy device by\n default.(CVE-2019-14283)In the Linux kernel before\n 5.2.3, drivers/block/floppy.c allows a denial of\n service by setup_format_params division-by-zero. Two\n consecutive ioctls can trigger the bug: the first one\n should set the drive geometry with .sect and .rate\n values that make F_SECT_PER_TRACK be zero. Next, the\n floppy format operation should be called. It can be\n triggered by an unprivileged local user even when a\n floppy disk has not been inserted. NOTE: QEMU creates\n the floppy device by default.(CVE-2019-14284)In the\n Linux kernel before 4.16.4, a double-locking error in\n drivers/usb/dwc3/gadget.c may potentially cause a\n deadlock with f_hid.(CVE-2019-14763)An issue was\n discovered in the Linux kernel before 5.2.6. There is a\n use-after-free caused by a malicious USB device in the\n drivers/media/v4l2-core/v4l2-dev.c driver because\n drivers/media/radio/radio-raremono.c does not properly\n allocate memory.(CVE-2019-15211)An issue was discovered\n in the Linux kernel before 5.0.9. There is a\n use-after-free in atalk_proc_exit, related to\n net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and\n net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)A flaw\n was found in the way the sit_init_net function in the\n Linux kernel handled resource cleanup on errors. This\n flaw allows an attacker to use the error conditions to\n crash the system.(CVE-2019-16994)Note:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions\n in EulerOS Virtualization for ARM 64 3.0.2.0 return\n incorrect time information when executing the uname -a\n command.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1926\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f4a8b79\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15292\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h420\",\n \"perf-4.19.36-vhulk1907.1.0.h420\",\n \"python-perf-4.19.36-vhulk1907.1.0.h420\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:50:42", "description": "It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nBenjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service.\n(CVE-2019-15538)\n\nIt was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2019-15925)\n\nIt was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15926)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15217)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)\n\nIt was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15223).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-07T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4147-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0136", "CVE-2019-10207", "CVE-2019-13631", "CVE-2019-15090", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-15538", "CVE-2019-15925", "CVE-2019-15926", "CVE-2019-9506"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1020-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-31-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-31-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-31-lowlatency", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4147-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4147-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129677);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2019-0136\",\n \"CVE-2019-10207\",\n \"CVE-2019-13631\",\n \"CVE-2019-15090\",\n \"CVE-2019-15117\",\n \"CVE-2019-15118\",\n \"CVE-2019-15211\",\n \"CVE-2019-15212\",\n \"CVE-2019-15215\",\n \"CVE-2019-15217\",\n \"CVE-2019-15218\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15223\",\n \"CVE-2019-15538\",\n \"CVE-2019-15925\",\n \"CVE-2019-15926\",\n \"CVE-2019-9506\"\n );\n script_xref(name:\"USN\", value:\"4147-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4147-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the Intel Wi-Fi device driver in the Linux\nkernel did not properly validate certain Tunneled Direct Link Setup\n(TDLS). A physically proximate attacker could use this to cause a\ndenial of service (Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local\nattacker could use this to cause a denial of service. (CVE-2019-10207)\n\nIt was discovered that the GTCO tablet input driver in the Linux\nkernel did not properly bounds check the initial HID report sent by\nthe device. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nIt was discovered that an out-of-bounds read existed in the QLogic\nQEDI iSCSI Initiator Driver in the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information (kernel\nmemory). (CVE-2019-15090)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for\nthe Linux kernel did not properly validate device meta data. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for\nthe Linux kernel improperly performed recursion while handling device\nmeta data. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-15118)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in\nthe Linux kernel did not properly allocate memory, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500\ndevice driver for the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the CPiA2\nvideo4linux device driver for the Linux kernel, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB\nPrism54 device driver in the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nBenjamin Moody discovered that the XFS file system in the Linux kernel\ndid not properly handle an error condition when out of disk quota. A\nlocal attacker could possibly use this to cause a denial of service.\n(CVE-2019-15538)\n\nIt was discovered that the Hisilicon HNS3 ethernet device driver in\nthe Linux kernel contained an out of bounds access vulnerability. A\nlocal attacker could use this to possibly cause a denial of service\n(system crash). (CVE-2019-15925)\n\nIt was discovered that the Atheros mobile chipset driver in the Linux\nkernel did not properly validate data in some situations. An attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-15926)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen\ndiscovered that the Bluetooth protocol BR/EDR specification did not\nproperly require sufficiently strong encryption key lengths. A\nphysically proximate attacker could use this to expose sensitive\ninformation. (CVE-2019-9506)\n\nIt was discovered that ZR364XX Camera USB device driver for the Linux\nkernel did not properly initialize memory. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15217)\n\nIt was discovered that the Siano USB MDTV receiver device driver in\nthe Linux kernel made improper assumptions about the device\ncharacteristics. A physically proximate attacker could use this cause\na denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux\nkernel did not properly validate data size information from the\ndevice. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-15221)\n\nIt was discovered that the Line 6 USB driver for the Linux kernel\ncontained a race condition when the device was disconnected. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15223).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4147-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1020-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-31-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-31-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-31-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.0.0': {\n 'generic': '5.0.0-31',\n 'generic-lpae': '5.0.0-31',\n 'lowlatency': '5.0.0-31',\n 'gke': '5.0.0-1020'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4147-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2019-0136', 'CVE-2019-9506', 'CVE-2019-10207', 'CVE-2019-13631', 'CVE-2019-15090', 'CVE-2019-15117', 'CVE-2019-15118', 'CVE-2019-15211', 'CVE-2019-15212', 'CVE-2019-15215', 'CVE-2019-15217', 'CVE-2019-15218', 'CVE-2019-15220', 'CVE-2019-15221', 'CVE-2019-15223', 'CVE-2019-15538', 'CVE-2019-15925', 'CVE-2019-15926');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4147-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:25:59", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4670 advisory.\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e.\n depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.\n Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. (CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. (CVE-2019-11815)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (root) can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. (CVE-2019-3819)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14633", "CVE-2018-20836", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11884", "CVE-2019-3459", "CVE-2019-3819"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4670.NASL", "href": "https://www.tenable.com/plugins/nessus/125755", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4670.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125755);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2018-14633\",\n \"CVE-2018-20836\",\n \"CVE-2019-3459\",\n \"CVE-2019-3819\",\n \"CVE-2019-11810\",\n \"CVE-2019-11815\",\n \"CVE-2019-11884\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4670 advisory.\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux\n kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote\n attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the\n iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e.\n depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and\n thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.\n Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is\n highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. (CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout()\n and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a\n race condition leading to a use-after-free, related to net namespace cleanup. (CVE-2019-11815)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a\n local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command,\n because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before\n 5.1-rc1. (CVE-2019-3459)\n\n - A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c\n file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged\n user (root) can cause a system lock up and a denial of service. Versions from v4.18 and newer are\n vulnerable. (CVE-2019-3819)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4670.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.28.1.el6uek', '4.1.12-124.28.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4670');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.28.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.28.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.28.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.28.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:45:39", "description": "It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)\n\nAndrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)\n\nIt was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4093-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10126", "CVE-2019-1125", "CVE-2019-12614", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-3846"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1014-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-25-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-25-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-25-lowlatency", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4093-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127888", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4093-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127888);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2019-10126\",\n \"CVE-2019-1125\",\n \"CVE-2019-12614\",\n \"CVE-2019-12984\",\n \"CVE-2019-13233\",\n \"CVE-2019-13272\",\n \"CVE-2019-3846\"\n );\n script_xref(name:\"USN\", value:\"4093-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4093-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-10126)\n\nAndrei Vlad Lutas and Dan Lutas discovered that some x86 processors\nincorrectly handle SWAPGS instructions during speculative execution. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-1125)\n\nIt was discovered that the PowerPC dlpar implementation in the Linux\nkernel did not properly check for allocation errors in some\nsituations. A local attacker could possibly use this to cause a denial\nof service (system crash). (CVE-2019-12614)\n\nIt was discovered that a NULL pointer dereference vulnerability\nexisted in the Near-field communication (NFC) implementation in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux\nkernel when accessing LDT entries in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux\nkernel did not properly record credentials in some situations. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly gain administrative privileges. (CVE-2019-13272)\n\nIt was discovered that the Marvell Wireless LAN device driver in the\nLinux kernel did not properly validate the BSS descriptor. A local\nattacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2019-3846).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4093-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1014-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-25-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-25-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-25-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.0.0': {\n 'generic': '5.0.0-25',\n 'generic-lpae': '5.0.0-25',\n 'lowlatency': '5.0.0-25',\n 'azure': '5.0.0-1014'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4093-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2019-1125', 'CVE-2019-3846', 'CVE-2019-10126', 'CVE-2019-12614', 'CVE-2019-12984', 'CVE-2019-13233', 'CVE-2019-13272');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4093-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:12", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name xwas not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135278).\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions (bnc#1133188). It was disabled by default.\n\n - CVE-2019-11811: There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397).\n\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c kernel. There is a race condition leading to a use-after-free, related to net namespace cleanup (bnc#1134537).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character (bnc#1134848).\n\n - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427).\n\n - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843).\n\n - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed (bnc#1132681).\n\n - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828).\n\nThe following non-security bugs were fixed :\n\n - 9p: do not trust pdu content for stat item size (bsc#1051510).\n\n - 9p locks: add mount option for lock retry interval (bsc#1051510).\n\n - acpi: Add Hygon Dhyana support ().\n\n - acpi: Add Hygon Dhyana support (fate#327735).\n\n - acpi: button: reinitialize button state upon resume (bsc#1051510).\n\n - acpiCA: AML interpreter: add region addresses in global list during initialization (bsc#1051510).\n\n - acpiCA: Namespace: remove address node from global list after method termination (bsc#1051510).\n\n - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128) (bsc#1132426).\n\n - acpi: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle (bsc#1111666).\n\n - acpi: property: restore _DSD data subnodes GUID comment (bsc#1111666).\n\n - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).\n\n - acpi / utils: Drop reference in test for device presence (bsc#1051510).\n\n - alsa: core: Do not refer to snd_cards array directly (bsc#1051510).\n\n - alsa: core: Fix card races between register and disconnect (bsc#1051510).\n\n - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).\n\n - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510).\n\n - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510).\n\n - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).\n\n - alsa: hda: Initialize power_state field properly (bsc#1051510).\n\n - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).\n\n - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510).\n\n - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).\n\n - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).\n\n - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510).\n\n - alsa: hda/realtek - EAPD turn on later (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233 (bsc#1111666).\n\n - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).\n\n - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510).\n\n - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510).\n\n - alsa: hda/realtek - Move to ACT_INIT state (bsc#1111666).\n\n - alsa: hda/realtek - Support low power consumption for ALC256 (bsc#1051510).\n\n - alsa: hda/realtek - Support low power consumption for ALC295 (bsc#1051510).\n\n - alsa: hda - Register irq handler after the chip initialization (bsc#1051510).\n\n - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).\n\n - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510).\n\n - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510).\n\n - alsa: line6: Avoid polluting led_* namespace (bsc#1051510).\n\n - alsa: line6: use dynamic buffers (bsc#1051510).\n\n - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510).\n\n - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).\n\n - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510).\n\n - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).\n\n - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510).\n\n - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510).\n\n - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).\n\n - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510).\n\n - alsa: seq: Remove superfluous irqsave flags (bsc#1051510).\n\n - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).\n\n - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).\n\n - alsa: timer: Coding style fixes (bsc#1051510).\n\n - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510).\n\n - alsa: timer: Make sure to clear pending ack list (bsc#1051510).\n\n - alsa: timer: Revert active callback sync check at close (bsc#1051510).\n\n - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510).\n\n - alsa: timer: Unify timer callback process code (bsc#1051510).\n\n - alsa: usb-audio: Fix a memory leak bug (bsc#1051510).\n\n - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510).\n\n - alsa: usx2y: fix a double free bug (bsc#1051510).\n\n - appletalk: Fix compile regression (bsc#1051510).\n\n - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).\n\n - ARM: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).\n\n - ARM: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510).\n\n - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).\n\n - ARM: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).\n\n - ARM: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).\n\n - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510).\n\n - ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510).\n\n - ARM: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510).\n\n - ARM: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).\n\n - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).\n\n - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510).\n\n - ASoC: cs4270: Set auto-increment bit for register writes (bsc#1051510).\n\n - ASoC: fix valid stream condition (bsc#1051510).\n\n - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510).\n\n - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510).\n\n - ASoC: fsl_esai: Fix missing break in switch statement (bsc#1051510).\n\n - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).\n\n - ASoC: Intel: avoid Oops if DMA setup fails (bsc#1051510).\n\n - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).\n\n - ASoC: nau8810: fix the issue of widget with prefixed name (bsc#1051510).\n\n - ASoC: nau8824: fix the issue of the widget with prefix name (bsc#1051510).\n\n - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).\n\n - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510).\n\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).\n\n - ASoC: stm32: fix sai driver name initialisation (bsc#1051510).\n\n - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).\n\n - ASoC: topology: free created components in tplg load error (bsc#1051510).\n\n - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).\n\n - assume flash part size to be 4MB, if it can't be determined (bsc#1127371).\n\n - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510).\n\n - ath10k: avoid possible string overflow (bsc#1051510).\n\n - ath10k: snoc: fix unbalanced clock error handling (bsc#1111666).\n\n - audit: fix a memleak caused by auditing load module (bsc#1051510).\n\n - b43: shut up clang -Wuninitialized variable warning (bsc#1051510).\n\n - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510).\n\n - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510).\n\n - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510).\n\n - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510).\n\n - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).\n\n - bcache: add a comment in super.c (bsc#1130972).\n\n - bcache: add code comments for bset.c (bsc#1130972).\n\n - bcache: add comment for cache_set->fill_iter (bsc#1130972).\n\n - bcache: add identifier names to arguments of function definitions (bsc#1130972).\n\n - bcache: add missing SPDX header (bsc#1130972).\n\n - bcache: add MODULE_DESCRIPTION information (bsc#1130972).\n\n - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).\n\n - bcache: add static const prefix to char * array declarations (bsc#1130972).\n\n - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).\n\n - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).\n\n - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).\n\n - bcache: correct dirty data statistics (bsc#1130972).\n\n - bcache: do not assign in if condition in bcache_init() (bsc#1130972).\n\n - bcache: do not assign in if condition register_bcache() (bsc#1130972).\n\n - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).\n\n - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).\n\n - bcache: do not clone bio in bch_data_verify (bsc#1130972).\n\n - bcache: do not mark writeback_running too early (bsc#1130972).\n\n - bcache: export backing_dev_name via sysfs (bsc#1130972).\n\n - bcache: export backing_dev_uuid via sysfs (bsc#1130972).\n\n - bcache: fix code comments style (bsc#1130972).\n\n - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).\n\n - bcache: fix indent by replacing blank by tabs (bsc#1130972).\n\n - bcache: fix input integer overflow of congested threshold (bsc#1130972).\n\n - bcache: fix input overflow to cache set io_error_limit (bsc#1130972).\n\n - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972).\n\n - bcache: fix input overflow to journal_delay_ms (bsc#1130972).\n\n - bcache: fix input overflow to sequential_cutoff (bsc#1130972).\n\n - bcache: fix input overflow to writeback_delay (bsc#1130972).\n\n - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).\n\n - bcache: fix ioctl in flash device (bsc#1130972).\n\n - bcache: fix mistaken code comments in bcache.h (bsc#1130972).\n\n - bcache: fix mistaken comments in request.c (bsc#1130972).\n\n - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).\n\n - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).\n\n - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).\n\n - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).\n\n - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).\n\n - bcache: introduce force_wake_up_gc() (bsc#1130972).\n\n - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).\n\n - bcache: Move couple of functions to sysfs.c (bsc#1130972).\n\n - bcache: Move couple of string arrays to sysfs.c (bsc#1130972).\n\n - bcache: move open brace at end of function definitions to next line (bsc#1130972).\n\n - bcache: never writeback a discard operation (bsc#1130972).\n\n - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).\n\n - bcache: option to automatically run gc thread after writeback (bsc#1130972).\n\n - bcache: panic fix for making cache device (bsc#1130972).\n\n - bcache: Populate writeback_rate_minimum attribute (bsc#1130972).\n\n - bcache: prefer 'help' in Kconfig (bsc#1130972).\n\n - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).\n\n - bcache: recal cached_dev_sectors on detach (bsc#1130972).\n\n - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).\n\n - bcache: remove unused bch_passthrough_cache (bsc#1130972).\n\n - bcache: remove useless parameter of bch_debug_init() (bsc#1130972).\n\n - bcache: Replace bch_read_string_list() by\n __sysfs_match_string() (bsc#1130972).\n\n - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).\n\n - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).\n\n - bcache: replace printk() by pr_*() routines (bsc#1130972).\n\n - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).\n\n - bcache: set writeback_percent in a flexible range (bsc#1130972).\n\n - bcache: split combined if-condition code into separate ones (bsc#1130972).\n\n - bcache: stop bcache device when backing device is offline (bsc#1130972).\n\n - bcache: stop using the deprecated get_seconds() (bsc#1130972).\n\n - bcache: style fixes for lines over 80 characters (bsc#1130972).\n\n - bcache: style fix to add a blank line after declarations (bsc#1130972).\n\n - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).\n\n - bcache: treat stale && dirty keys as bad keys (bsc#1130972).\n\n - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).\n\n - bcache: update comment for bch_data_insert (bsc#1130972).\n\n - bcache: update comment in sysfs.c (bsc#1130972).\n\n - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).\n\n - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).\n\n - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).\n\n - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).\n\n - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).\n\n - bcm2835: MMC issues (bsc#1070872).\n\n - blkcg: Introduce blkg_root_lookup() (bsc#1131673).\n\n - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673).\n\n - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673).\n\n - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673).\n\n - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673).\n\n - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673).\n\n - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673).\n\n - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673).\n\n - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673).\n\n - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).\n\n - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).\n\n - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).\n\n - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).\n\n - block: do not leak memory in bio_copy_user_iov() (bsc#1135309).\n\n - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673).\n\n - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673).\n\n - block: fix the return errno for direct IO (bsc#1135320).\n\n - block: fix use-after-free on gendisk (bsc#1135312).\n\n - block: Introduce blk_exit_queue() (bsc#1131673).\n\n - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673).\n\n - block: remove bio_rewind_iter() (bsc#1131673).\n\n - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510).\n\n - Bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510).\n\n - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731).\n\n - Bluetooth: hidp: fix buffer overflow (bsc#1051510).\n\n - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07).\n\n - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10).\n\n - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).\n\n - bonding: fix PACKET_ORIGDEV regression (git-fixes).\n\n - bpf: fix use after free in bpf_evict_inode (bsc#1083647).\n\n - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).\n\n - brcmfmac: fix leak of mypkt on error return path (bsc#1111666).\n\n - btrfs: add a helper to return a head ref (bsc#1134813).\n\n - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes).\n\n - btrfs: breakout empty head cleanup to a helper (bsc#1134813).\n\n - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758).\n\n - btrfs: Do not panic when we can't find a root key (bsc#1112063).\n\n - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Open-code process_func in\n __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: Factor out common delayed refs init code (bsc#1134813).\n\n - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848).\n\n - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes).\n\n - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195).\n\n - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454).\n\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n\n - btrfs: move all ref head cleanup to the helper function (bsc#1134813).\n\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n\n - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).\n\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).\n\n - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).\n\n - btrfs: remove delayed_ref_node from ref_head (bsc#1134813).\n\n - btrfs: remove WARN_ON in log_dir_items (bsc#1131847).\n\n - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).\n\n - btrfs: split delayed ref head initialization and addition (bsc#1134813).\n\n - btrfs: track refs in a rb_tree instead of a list (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).\n\n - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510).\n\n - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).\n\n - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).\n\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n\n - ceph: fix use-after-free on symlink traversal (bsc#1134459).\n\n - ceph: fix use-after-free on symlink traversal (bsc#1134459).\n\n - ceph: only use d_name directly when parent is locked (bsc#1134460).\n\n - ceph: only use d_name directly when parent is locked (bsc#1134460).\n\n - cfg80211: Handle WMM rules in regulatory domain intersection (bsc#1111666).\n\n - cgroup: fix parsing empty mount option string (bsc#1133094).\n\n - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510).\n\n - cifs: do not dereference smb_file_target before null check (bsc#1051510).\n\n - cifs: Do not hide EINTR after sending network packets (bsc#1051510).\n\n - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510).\n\n - cifs: Do not reset lease state to NONE on lease break (bsc#1051510).\n\n - cifs: Fix adjustment of credits for MTU requests (bsc#1051510).\n\n - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510).\n\n - cifs: Fix credits calculations for reads with errors (bsc#1051510).\n\n - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).\n\n - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510).\n\n - cifs: Fix potential OOB access of lock element array (bsc#1051510).\n\n - cifs: Fix read after write for files with read caching (bsc#1051510).\n\n - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).\n\n - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510).\n\n - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510).\n\n - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).\n\n - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).\n\n - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510).\n\n - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510).\n\n - cpufreq: Add Hygon Dhyana support ().\n\n - cpufreq: Add Hygon Dhyana support (fate#327735).\n\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().\n\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735).\n\n - cpupowerutils: bench - Fix cpu online check (bsc#1051510).\n\n - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).\n\n - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510).\n\n - crypto: caam - add missing put_device() call (bsc#1129770).\n\n - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510).\n\n - crypto: caam/qi2 - fix DMA mapping of stack memory (bsc#1111666).\n\n - crypto: caam/qi2 - fix zero-length buffer DMA mapping (bsc#1111666).\n\n - crypto: caam/qi2 - generate hash keys in-place (bsc#1111666).\n\n - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510).\n\n - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510).\n\n - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).\n\n - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510).\n\n - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510).\n\n - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).\n\n - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510).\n\n - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510).\n\n - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510).\n\n - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510).\n\n - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510).\n\n - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).\n\n - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).\n\n - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).\n\n - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510).\n\n - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510).\n\n - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371).\n\n - cxgb4: Added missing break in ndo_udp_tunnel_(add/del) (bsc#1127371).\n\n - cxgb4: Add flag tc_flower_initialized (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371).\n\n - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).\n\n - cxgb4: add per rx-queue counter for packet errors (bsc#1127371).\n\n - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371).\n\n - cxgb4: add support to display DCB info (bsc#1127371).\n\n - cxgb4: Add support to read actual provisioned resources (bsc#1127371).\n\n - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).\n\n - cxgb4: collect hardware queue descriptors (bsc#1127371).\n\n - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371).\n\n - cxgb4: convert flower table to use rhashtable (bsc#1127371).\n\n - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371).\n\n - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371).\n\n - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374).\n\n - cxgb4/cxgb4vf: Link management changes (bsc#1127371).\n\n - cxgb4/cxgb4vf: Program hash region for (t4/t4vf)_change_mac() (bsc#1127371).\n\n - cxgb4: display number of rx and tx pages free (bsc#1127371).\n\n - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371).\n\n - cxgb4: Export sge_host_page_size to ulds (bsc#1127371).\n\n - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371).\n\n - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371).\n\n - cxgb4: Mask out interrupts that are not enabled (bsc#1127175).\n\n - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371).\n\n - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371).\n\n - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371).\n\n - cxgb4: remove the unneeded locks (bsc#1127371).\n\n - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).\n\n - cxgb4: Support ethtool private flags (bsc#1127371).\n\n - cxgb4: update supported DCB version (bsc#1127371).\n\n - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371).\n\n - cxgb4vf: Few more link management changes (bsc#1127374).\n\n - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374).\n\n - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374).\n\n - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).\n\n - dccp: Fix memleak in __feat_register_sp (bsc#1051510).\n\n - debugfs: fix use-after-free on symlink traversal (bsc#1051510).\n\n - device_cgroup: fix RCU imbalance in error case (bsc#1051510).\n\n - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).\n\n - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).\n\n - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510).\n\n - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510).\n\n - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510).\n\n - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510).\n\n - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).\n\n - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510).\n\n - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638).\n\n - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567).\n\n - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567).\n\n - drm/amd/display: extending AUX SW Timeout (bsc#1111666).\n\n - drm/amd/display: fix cursor black issue (bsc#1111666).\n\n - drm/amd/display: If one stream full updates, full update all planes (bsc#1111666).\n\n - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming (bsc#1111666).\n\n - drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI) (bsc#1111666).\n\n - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510).\n\n - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).\n\n - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722)\n\n - drm/doc: Drop 'content type' from the legacy kms property table (bsc#1111666).\n\n - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510).\n\n - drm/exynos/mixer: fix MIXER shadow registry synchronisation code (bsc#1111666).\n\n - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510).\n\n - drm/fb-helper: generic: Call drm_client_add() after setup is done (bsc#1111666).\n\n - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).\n\n - drm/i915: Disable tv output on i9x5gm (bsc#1086657, bsc#1133897).\n\n - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).\n\n - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510).\n\n - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).\n\n - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled (bsc#1111666).\n\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722)\n\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113956)\n\n - drm/i915/gvt: Annotate iomem usage (bsc#1051510).\n\n - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510).\n\n - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722)\n\n - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113956)\n\n - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722)\n\n - drm/i915/gvt: Prevent use-after-free in ppgtt_free_all_spt() (bsc#1111666).\n\n - drm/i915/gvt: Roundup fb->height into tile's height at calucation fb->size (bsc#1111666).\n\n - drm/i915/icl: Whitelist GEN9_SLICE_COMMON_ECO_CHICKEN1 (bsc#1111666).\n\n - drm/imx: do not skip DP channel disable for background plane (bsc#1051510).\n\n - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722)\n\n - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113956)\n\n - drm/mediatek: fix possible object reference leak (bsc#1051510).\n\n - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722)\n\n - drm/nouveau: add DisplayPort CEC-Tunneling-over-AUX support (bsc#1133593).\n\n - drm/nouveau: Add NV_PRINTK_ONCE and variants (bsc#1133593).\n\n - drm/nouveau: Add size to vbios.rom file in debugfs (bsc#1133593).\n\n - drm/nouveau: Add strap_peek to debugfs (bsc#1133593).\n\n - drm/nouveau/bar/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/bar/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/bios: translate additional memory types (bsc#1133593).\n\n - drm/nouveau/bios: translate USB-C connector type (bsc#1133593).\n\n - drm/nouveau/bios/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/bios/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/bus/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/bus/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/ce/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/ce/tu106: initial support (bsc#1133593).\n\n - drm/nouveau: Cleanup indenting in nouveau_backlight.c (bsc#1133593).\n\n - drm/nouveau/core: increase maximum number of nvdec instances to 3 (bsc#1133593).\n\n - drm/nouveau/core: recognise TU102 (bsc#1133593).\n\n - drm/nouveau/core: recognise TU104 (bsc#1133593).\n\n - drm/nouveau/core: recognise TU106 (bsc#1133593).\n\n - drm/nouveau/core: support multiple nvdec instances (bsc#1133593).\n\n - drm/nouveau/devinit/gm200-: export function to upload+execute PMU/PRE_OS (bsc#1133593).\n\n - drm/nouveau/devinit/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/devinit/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/disp: add a way to configure scrambling/tmds for hdmi 2.0 (bsc#1133593).\n\n - drm/nouveau/disp: add support for setting scdc parameters for high modes (bsc#1133593).\n\n - drm/nouveau/disp/gm200-: add scdc parameter setter (bsc#1133593).\n\n - drm/nouveau/disp/gv100: fix name of window channels in debug output (bsc#1133593).\n\n - drm/nouveau/disp: keep track of high-speed state, program into clock (bsc#1133593).\n\n - drm/nouveau/disp: take sink support into account for exposing 594mhz (bsc#1133593).\n\n - drm/nouveau/disp/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/disp/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/dma/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/dma/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/drm/nouveau: Do not forget to label dp_aux devices (bsc#1133593).\n\n - drm/nouveau/drm/nouveau:\n s/nouveau_backlight_exit/nouveau_backlight_fini/ (bsc#1133593).\n\n - drm/nouveau/drm/nouveau: tegra: Call nouveau_drm_device_init() (bsc#1133593).\n\n - drm/nouveau/fault: add explicit control over fault buffer interrupts (bsc#1133593).\n\n - drm/nouveau/fault: remove manual mapping of fault buffers into BAR2 (bsc#1133593).\n\n - drm/nouveau/fault: store get/put pri address in nvkm_fault_buffer (bsc#1133593).\n\n - drm/nouveau/fault/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/fault/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/fb/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/fb/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/fifo/gf100-: call into BAR to reset BARs after MMU fault (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: group pbdma functions together (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: return channel instance in ctor args (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: separate runlist building from committing to hw (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: support enabling privileged ce functions (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: virtualise pbdma enable function (bsc#1133593).\n\n - drm/nouveau/fifo/gm200-: read pbdma count more directly (bsc#1133593).\n\n - drm/nouveau/fifo/gv100: allocate method buffer (bsc#1133593).\n\n - drm/nouveau/fifo/gv100: return work submission token in channel ctor args (bsc#1133593).\n\n - drm/nouveau/fifo/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/fifo/tu106: initial support (bsc#1133593).\n\n - drm/nouveau: Fix potential memory leak in nouveau_drm_load() (bsc#1133593).\n\n - drm/nouveau/fuse/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/fuse/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/gpio/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/gpio/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/i2c/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/i2c/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/ibus/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/ibus/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/imem/nv50: support pinning objects in BAR2 and returning address (bsc#1133593).\n\n - drm/nouveau/imem/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/imem/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/kms/nv50-: allow more flexibility with lut formats (bsc#1133593).\n\n - drm/nouveau/kms/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/ltc/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/ltc/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/mc/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/mc/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/mmu: add more general vmm free/node handling functions (bsc#1133593).\n\n - drm/nouveau/mmu/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/mmu/tu106: initial support (bsc#1133593).\n\n - drm/nouveau: Move backlight device into nouveau_connector (bsc#1133593).\n\n - drm/nouveau/pci/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/pci/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/pmu/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/pmu/tu106: initial support (bsc#1133593).\n\n - drm/nouveau: Refactor nvXX_backlight_init() (bsc#1133593).\n\n - drm/nouveau: register backlight on pascal and newer (bsc#1133593).\n\n - drm/nouveau: remove left-over struct member (bsc#1133593).\n\n - drm/nouveau: Remove unecessary dma_fence_ops (bsc#1133593).\n\n - drm/nouveau: Start using new drm_dev initialization helpers (bsc#1133593).\n\n - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).\n\n - drm/nouveau/therm/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/therm/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/tmr/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/tmr/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/top/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/top/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).\n\n - drm/omap: hdmi4_cec: Fix CEC clock handling for PM (bsc#1111666).\n\n - drm/panel: panel-innolux: set display off in innolux_panel_unprepare (bsc#1111666).\n\n - drm/pl111: Initialize clock spinlock early (bsc#1111666).\n\n - drm: rcar-du: Fix rcar_du_crtc structure documentation (bsc#1111666).\n\n - drm/rockchip: fix for mailbox read validation (bsc#1051510).\n\n - drm/rockchip: fix for mailbox read validation (bsc#1111666).\n\n - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).\n\n - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)\n\n - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722)\n\n - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722)\n\n - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)\n\n - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722)\n\n - drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind (bsc#1111666).\n\n - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722)\n\n - drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages() (bsc#1111666).\n\n - drm/tegra: hub: Fix dereference before check (bsc#1111666).\n\n - drm/ttm: Fix bo_global and mem_global kfree error (bsc#1111666).\n\n - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 (bsc#1111666).\n\n - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)\n\n - drm/udl: add a release method and delay modeset teardown (bsc#1085536)\n\n - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)\n\n - drm/vmwgfx: Remove set but not used variable 'restart' (bsc#1111666).\n\n - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20).\n\n - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).\n\n - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).\n\n - e1000e: fix cyclic resets at link up with active tx (bsc#1051510).\n\n - e1000e: Fix -Wformat-truncation warnings (bsc#1051510).\n\n - EDAC, amd64: Add Hygon Dhyana support ().\n\n - EDAC, amd64: Add Hygon Dhyana support (fate#327735).\n\n - ext4: actually request zeroing of inode table after grow (bsc#1135315).\n\n - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).\n\n - ext4: Do not warn when enabling DAX (bsc#1132894).\n\n - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).\n\n - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).\n\n - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510).\n\n - fix cgroup_do_mount() handling of failure exits (bsc#1133095).\n\n - Fix kabi after 'md: batch flush requests.' (bsc#1119680).\n\n - fix rtnh_ok() (git-fixes).\n\n - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937).\n\n - fm10k: Fix a potential NULL pointer dereference (bsc#1051510).\n\n - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).\n\n - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).\n\n - futex: Cure exit race (bsc#1050549).\n\n - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549).\n\n - futex: Handle early deadlock return correctly (bsc#1050549).\n\n - genetlink: Fix a memory leak on error path (networking-stable-19_03_28).\n\n - ghes, EDAC: Fix ghes_edac registration (bsc#1133176).\n\n - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510).\n\n - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).\n\n - gpio: gpio-omap: fix level interrupt idling (bsc#1051510).\n\n - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).\n\n - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).\n\n - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes).\n\n - HID: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).\n\n - HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486).\n\n - HID: input: add mapping for Assistant key (bsc#1051510).\n\n - HID: input: add mapping for Expose/Overview key (bsc#1051510).\n\n - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).\n\n - HID: input: add mapping for 'Toggle Display' key (bsc#1051510).\n\n - HID: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).\n\n - HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510).\n\n - HID: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).\n\n - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07).\n\n - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwrng: virtio - Avoid repeated init of completion (bsc#1051510).\n\n - i2c: imx: correct the method of getting private data in notifier_call (bsc#1111666).\n\n - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).\n\n - i2c: synquacer: fix enumeration of slave devices (bsc#1111666).\n\n - ibmvnic: Enable GRO (bsc#1132227).\n\n - ibmvnic: Fix completion structure initialization (bsc#1131659).\n\n - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).\n\n - igmp: fix incorrect unsolicit report count when join group (git-fixes).\n\n - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510).\n\n - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).\n\n - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).\n\n - iio: ad_sigma_delta: select channel when reading register (bsc#1051510).\n\n - iio: core: fix a possible circular locking dependency (bsc#1051510).\n\n - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).\n\n - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510).\n\n - iio: Fix scan mask selection (bsc#1051510).\n\n - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).\n\n - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).\n\n - inetpeer: fix uninit-value in inet_getpeer (git-fixes).\n\n - Input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).\n\n - Input: introduce KEY_ASSISTANT (bsc#1051510).\n\n - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510).\n\n - Input: synaptics-rmi4 - fix possible double free (bsc#1051510).\n\n - Input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510).\n\n - intel_idle: add support for Jacobsville (jsc#SLE-5394).\n\n - intel_th: msu: Fix single mode with IOMMU (bsc#1051510).\n\n - intel_th: pci: Add Comet Lake support (bsc#1051510).\n\n - io: accel: kxcjk1013: restore the range after resume (bsc#1051510).\n\n - iommu/amd: Set exclusion range correctly (bsc#1130425).\n\n - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).\n\n - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).\n\n - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).\n\n - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes).\n\n - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10).\n\n - ipconfig: Correctly initialise ic_nameservers (bsc#1051510).\n\n - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).\n\n - ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier (bsc#1111666).\n\n - ipmi: Prevent use-after-free in deliver_response (bsc#1111666).\n\n - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).\n\n - ipmi_ssif: Remove duplicate NULL check (bsc#1108193).\n\n - ip_tunnel: Fix name string concatenate in\n __ip_tunnel_create() (git-fixes).\n\n - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n\n - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).\n\n - ipv6: fix cleanup ordering for pingv6 registration (git-fixes).\n\n - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes).\n\n - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).\n\n - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24).\n\n - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n\n - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes).\n\n - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).\n\n - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15).\n\n - ipvlan: fix ipv6 outbound device (bsc#1051510).\n\n - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).\n\n - ipvs: fix buffer overflow with sync daemon and service (git-fixes).\n\n - ipvs: fix check on xmit to non-local addresses (git-fixes).\n\n - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).\n\n - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).\n\n - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).\n\n - ipvs: fix stats update from local clients (git-fixes).\n\n - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes).\n\n - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).\n\n - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).\n\n - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).\n\n - iwlwifi: fix driver operation for 5350 (bsc#1111666).\n\n - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).\n\n - kABI: protect functions using struct net_generic (bsc#1129845 LTC#176252).\n\n - kABI: protect ip_options_rcv_srr (kabi).\n\n - kABI: protect struct mlx5_td (kabi).\n\n - kABI: protect struct smcd_dev (bsc#1129845 LTC#176252).\n\n - kABI: protect struct smc_ib_device (bsc#1129845 LTC#176252).\n\n - kABI: restore icmp_send (kabi).\n\n - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).\n\n - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).\n\n - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).\n\n - kcm: switch order of device registration to fix a crash (bnc#1130527).\n\n - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).\n\n - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).\n\n - kernfs: do not set dentry->d_fsdata (boo#1133115).\n\n - KEYS: always initialize keyring_index_key::desc_len (bsc#1051510).\n\n - KEYS: user: Align the payload buffer (bsc#1051510).\n\n - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078).\n\n - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563).\n\n - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).\n\n - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).\n\n - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561).\n\n - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).\n\n - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564).\n\n - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).\n\n - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562).\n\n - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840).\n\n - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149).\n\n - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555).\n\n - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).\n\n - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).\n\n - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).\n\n - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).\n\n - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570).\n\n - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571).\n\n - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).\n\n - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).\n\n - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).\n\n - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).\n\n - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).\n\n - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).\n\n - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).\n\n - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510).\n\n - leds: avoid races with workqueue (bsc#1051510).\n\n - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).\n\n - lib: add crc64 calculation routines (bsc#1130972).\n\n - libata: fix using DMA buffers on stack (bsc#1051510).\n\n - lib: do not depend on linux headers being installed (bsc#1130972).\n\n - lightnvm: if LUNs are already allocated fix return (bsc#1085535).\n\n - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).\n\n - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).\n\n - mac80211: do not attempt to rename ERR_PTR() debugfs dirs (bsc#1111666).\n\n - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510).\n\n - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).\n\n - mac80211: fix unaligned access in mesh table hash function (bsc#1051510).\n\n - mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode (bsc#1111666).\n\n - mac8390: Fix mmio access size probe (bsc#1051510).\n\n - md: batch flush requests (bsc#1119680).\n\n - md: Fix failed allocation of md_register_thread (git-fixes).\n\n - MD: fix invalid stored role for a disk (bsc#1051510).\n\n - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).\n\n - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes).\n\n - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).\n\n - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).\n\n - media: cx23885: check allocation return (bsc#1051510).\n\n - media: davinci-isif: avoid uninitialized variable use (bsc#1051510).\n\n - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).\n\n - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).\n\n - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).\n\n - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).\n\n - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).\n\n - media: pvrusb2: Prevent a buffer overflow (bsc#1129770).\n\n - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).\n\n - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).\n\n - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).\n\n - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).\n\n - media: wl128x: prevent two potential buffer overflows (bsc#1051510).\n\n - mISDN: Check address length before reading address family (bsc#1051510).\n\n - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15).\n\n - mmc: core: fix possible use after free of host (bsc#1051510).\n\n - mmc: core: Fix tag set memory leak (bsc#1111666).\n\n - mmc: davinci: remove extraneous __init annotation (bsc#1051510).\n\n - mm: create non-atomic version of SetPageReserved for init use (jsc#SLE-6647).\n\n - mmc: sdhci: Fix data command CRC error handling (bsc#1051510).\n\n - mmc: sdhci: Handle auto-command errors (bsc#1051510).\n\n - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510).\n\n - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510).\n\n - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).\n\n - mm/huge_memory: fix vmf_insert_pfn_(pmd, pud)() crash, handle unaligned addresses (bsc#1135330).\n\n - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935).\n\n - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825).\n\n - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07).\n\n - mt7601u: bump supported EEPROM version (bsc#1051510).\n\n - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).\n\n - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).\n\n - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).\n\n - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).\n\n - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).\n\n - mwifiex: do not advertise IBSS features without FW support (bsc#1129770).\n\n - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).\n\n - mwifiex: Make resume actually do something useful again on SDIO cards (bsc#1111666).\n\n - mwifiex: prevent an array overflow (bsc#1051510).\n\n - mwl8k: Fix rate_idx underflow (bsc#1051510).\n\n - net: Add header for usage of fls64() (networking-stable-19_02_20).\n\n - net: Add __icmp_send helper (networking-stable-19_03_07).\n\n - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).\n\n - net: avoid false positives in untrusted gso validation (git-fixes).\n\n - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).\n\n - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07).\n\n - net: bridge: add vlan_tunnel to bridge port policies (git-fixes).\n\n - net: bridge: fix per-port af_packet sockets (git-fixes).\n\n - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes).\n\n - net: datagram: fix unbounded loop in\n __skb_try_recv_datagram() (git-fixes).\n\n - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20).\n\n - net: dsa: legacy: do not unmask port bitmaps (git-fixes).\n\n - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07).\n\n - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).\n\n - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).\n\n - netfilter: bridge: ebt_among: add missing match size checks (git-fixes).\n\n - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).\n\n - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes).\n\n - netfilter: drop template ct when conntrack is skipped (git-fixes).\n\n - netfilter: ebtables: handle string from userspace with care (git-fixes).\n\n - netfilter: ebtables: reject non-bridge targets (git-fixes).\n\n - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes).\n\n - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes).\n\n - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes).\n\n - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes).\n\n - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).\n\n - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v(4,6) (git-fixes).\n\n - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes).\n\n - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes).\n\n - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes).\n\n - netfilter: nf_tables: release chain in flushing set (git-fixes).\n\n - netfilter: x_ta
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1186)
