{"id": "OPENVAS:1361412562311220201452", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1452)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-04-16T00:00:00", "modified": "2020-04-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201452", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1452", "2020-1452"], "cvelist": ["CVE-2019-15090", "CVE-2017-18595", "CVE-2019-16233", "CVE-2019-15216", "CVE-2014-3180", "CVE-2019-12819", "CVE-2017-18551", "CVE-2019-18806", "CVE-2019-19965", "CVE-2019-3874", "CVE-2019-15924", "CVE-2019-11833", "CVE-2019-10220", "CVE-2019-15212", "CVE-2019-12456", "CVE-2017-18549", "CVE-2019-19447", "CVE-2017-18550", "CVE-2019-12382", "CVE-2019-19537", "CVE-2019-15916", "CVE-2018-5803", "CVE-2018-1000026", "CVE-2019-20054"], "immutableFields": [], "lastseen": "2020-04-17T17:00:52", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431"]}, {"type": "altlinux", "idList": ["DA7EB86A979E50AA3788F1F41AC8607F"]}, {"type": "amazon", "idList": ["ALAS-2018-993", "ALAS2-2019-1214"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-09-01", "ANDROID:2019-12-01", "ANDROID:2020-03-01"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2018:1854", "CESA-2018:3083", "CESA-2019:2029", "CESA-2020:1016", "CESA-2020:4060"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:02669B806A06D41B24DA398CE2D4EEFD", "CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:7D6795462AFD47DE31FD5B40467B68C4", "CFOUNDRY:80E5E37692FEC22672DA18E221852B5D", "CFOUNDRY:87EED6F38C9114A077795F94CEE1CCD3", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "CFOUNDRY:C3D94F66B833B0AB95D359CF97DF9AA9", "CFOUNDRY:C4D1C1686A388941AD439B6E19ADC7F2", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cve", "idList": ["CVE-2014-3180", "CVE-2017-18549", "CVE-2017-18550", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-1000026", "CVE-2018-5803", "CVE-2019-10220", "CVE-2019-11833", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12819", "CVE-2019-15090", "CVE-2019-15212", "CVE-2019-15216", "CVE-2019-15916", "CVE-2019-15924", "CVE-2019-16233", "CVE-2019-18806", "CVE-2019-19447", "CVE-2019-19537", "CVE-2019-19965", "CVE-2019-20054", "CVE-2019-3874"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1369-1:33F82", "DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DLA-1823-1:39845", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8", "DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DLA-2068-1:83234", "DEBIAN:DLA-2114-1:93D37", "DEBIAN:DLA-2241-1:DE3AB", "DEBIAN:DLA-2241-2:3E557", "DEBIAN:DLA-2385-1:FDE93", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4187-1:E8170", "DEBIAN:DSA-4188-1:B3909", "DEBIAN:DSA-4188-1:E4177", "DEBIAN:DSA-4465-1:304F1", "DEBIAN:DSA-4465-1:DDE47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3180", "DEBIANCVE:CVE-2017-18549", "DEBIANCVE:CVE-2017-18550", "DEBIANCVE:CVE-2017-18551", "DEBIANCVE:CVE-2017-18595", "DEBIANCVE:CVE-2018-1000026", "DEBIANCVE:CVE-2018-5803", "DEBIANCVE:CVE-2019-10220", "DEBIANCVE:CVE-2019-11833", "DEBIANCVE:CVE-2019-12382", "DEBIANCVE:CVE-2019-12456", "DEBIANCVE:CVE-2019-12819", "DEBIANCVE:CVE-2019-15090", "DEBIANCVE:CVE-2019-15212", "DEBIANCVE:CVE-2019-15216", "DEBIANCVE:CVE-2019-15916", "DEBIANCVE:CVE-2019-15924", "DEBIANCVE:CVE-2019-16233", "DEBIANCVE:CVE-2019-18806", "DEBIANCVE:CVE-2019-19447", "DEBIANCVE:CVE-2019-19537", "DEBIANCVE:CVE-2019-19965", "DEBIANCVE:CVE-2019-20054", "DEBIANCVE:CVE-2019-3874"]}, {"type": "f5", "idList": ["F5:K04337527", "F5:K29203191", "F5:K32196386", "F5:K35504111", "F5:K48073202", "F5:K52325031", "F5:K57418558", "F5:K58541692", "F5:K84310302"]}, {"type": "fedora", "idList": ["FEDORA:02DB1605FC5C", "FEDORA:03DA06180ED3", "FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:07B5A6CB4421", "FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:1BD5B6389B47", "FEDORA:25BDD6190ECF", "FEDORA:2836F613193B", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:344346042F3E", "FEDORA:3A3766C5B5A2", "FEDORA:3A69E60B3E88", "FEDORA:4002B609954A", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4CEF5610D7CA", "FEDORA:4F21B6125E50", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:54AA460F2356", "FEDORA:59E3F606D998", "FEDORA:5A4D662AE22C", "FEDORA:5BC786077CC2", "FEDORA:5D742610B071", "FEDORA:5E4536182D79", "FEDORA:60E4D618B8A2", "FEDORA:648496077DD1", "FEDORA:6B43460C450E", "FEDORA:6E67663233DB", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:754F860A98ED", "FEDORA:7640C641CB61", "FEDORA:79EAC605FC25", "FEDORA:84FBF6179A05", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:9801060D30FA", "FEDORA:98E8F6079A11", "FEDORA:AAF2F60D7C3E", "FEDORA:AB52460321C9", "FEDORA:AFCD261367A6", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:BF5EC607125E", "FEDORA:C0A4560C423F", "FEDORA:C1EA6603ECEC", "FEDORA:C4D496071279", "FEDORA:C63656040AE1", "FEDORA:C6AF860C4240", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:D3523607924A", "FEDORA:D6A96605FC57", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7"]}, {"type": "ibm", "idList": ["2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "4613957D820DCAFBB74BE1CB304042BC2F40D11AC7189E7AD20080A2A94DA39A", "4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "4E20FF6980EF77F8F7C53E254EBEB9AF129EF6EDA938A5BDE9CFA46C95393000", "4EB9296BFD68D252571B5D6DC4B8F35F382399784156B1882092311F11C715DC", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "6F75059EBDF719D84C8DC0CA4BAADF9428544BDAFCEEAE62F4225A55CA1E8AF0", "7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8B24753FF8758BF51E7C6001AC39E0EF90B14323A9756CCEF8AC68E99EF03367", "9148A44BD9A1C1A13CCEBD8F0346557CF005830103920CDDC01519240525CB58", "9C5DF437CF62931EFEC03F0486D943184BF2DD6EABEC3C8E5309C6E15C55C4C1", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB", "B68653AE8B3B701FAB183C54D344C9C2EE03602A2C7365EC7CF172320BA1AA2E", "DE367A059D35C909557795AD50F02620921B5CC13CC7F375C7C2F83A009A984C", "E76CF6F7C58DE085B1D5F988B60566AC28A05EF3B19F25A856F2533F5B3684AE", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "F0B9B56079F884F041664405C90E1EA3DD557A7DC4ACA69220B7A78B68F6A1BD"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2019-0107", "MGASA-2019-0171", "MGASA-2019-0172", "MGASA-2019-0185", "MGASA-2019-0196", "MGASA-2019-0197"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1214.NASL", "ALA_ALAS-2018-993.NASL", "ALMA_LINUX_ALSA-2020-4431.NASL", "CENTOS8_RHSA-2019-3517.NASL", "CENTOS8_RHSA-2020-1769.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS_RHSA-2018-1854.NASL", "CENTOS_RHSA-2018-3083.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2020-1016.NASL", "CENTOS_RHSA-2020-4060.NASL", "DEBIAN_DLA-1369.NASL", "DEBIAN_DLA-1771.NASL", "DEBIAN_DLA-1823.NASL", "DEBIAN_DLA-1824.NASL", "DEBIAN_DLA-1919.NASL", "DEBIAN_DLA-1930.NASL", "DEBIAN_DLA-2068.NASL", "DEBIAN_DLA-2114.NASL", "DEBIAN_DLA-2241.NASL", "DEBIAN_DLA-2385.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "DEBIAN_DSA-4465.NASL", "EULEROS_SA-2018-1085.NASL", "EULEROS_SA-2018-1246.NASL", "EULEROS_SA-2018-1260.NASL", "EULEROS_SA-2018-1432.NASL", "EULEROS_SA-2019-1539.NASL", "EULEROS_SA-2019-1586.NASL", "EULEROS_SA-2019-1692.NASL", "EULEROS_SA-2019-1702.NASL", "EULEROS_SA-2019-1793.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-1972.NASL", "EULEROS_SA-2019-2068.NASL", "EULEROS_SA-2019-2081.NASL", "EULEROS_SA-2019-2106.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2309.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1158.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1292.NASL", "EULEROS_SA-2020-1368.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-2150.NASL", "F5_BIGIP_SOL48073202.NASL", "FEDORA_2018-03A6606CB5.NASL", "FEDORA_2018-2BCE10900E.NASL", "FEDORA_2018-7A62047E30.NASL", "FEDORA_2019-48B34FC991.NASL", "FEDORA_2019-7EC378191E.NASL", "FEDORA_2019-83858FC57B.NASL", "FEDORA_2019-C03EDA3CC6.NASL", "FEDORA_2019-F40BD7826F.NASL", "NEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0074_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0152_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0169_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0040_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0089_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_17_1_3.NASL", "NUTANIX_NXSA-AOS-5_17_1_5.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "OPENSUSE-2018-292.NASL", "OPENSUSE-2018-514.NASL", "OPENSUSE-2018-762.NASL", "OPENSUSE-2019-1479.NASL", "OPENSUSE-2019-1570.NASL", "OPENSUSE-2019-1571.NASL", "OPENSUSE-2019-1579.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2307.NASL", "OPENSUSE-2019-2308.NASL", "OPENSUSE-2019-2444.NASL", "OPENSUSE-2019-2503.NASL", "OPENSUSE-2019-2507.NASL", "OPENSUSE-2019-2675.NASL", "OPENSUSE-2019-536.NASL", "OPENSUSE-2020-336.NASL", "OPENSUSE-2021-3876.NASL", "ORACLELINUX_ELSA-2018-1854.NASL", "ORACLELINUX_ELSA-2018-3083.NASL", "ORACLELINUX_ELSA-2018-4161.NASL", "ORACLELINUX_ELSA-2018-4164.NASL", "ORACLELINUX_ELSA-2019-4570.NASL", "ORACLELINUX_ELSA-2019-4729.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2019-4836.NASL", "ORACLELINUX_ELSA-2019-4850.NASL", "ORACLELINUX_ELSA-2019-4854.NASL", "ORACLELINUX_ELSA-2019-4855.NASL", "ORACLELINUX_ELSA-2019-4878.NASL", "ORACLELINUX_ELSA-2020-2082.NASL", "ORACLELINUX_ELSA-2020-5508.NASL", "ORACLELINUX_ELSA-2020-5532.NASL", "ORACLELINUX_ELSA-2020-5533.NASL", "ORACLELINUX_ELSA-2020-5642.NASL", "ORACLELINUX_ELSA-2020-5644.NASL", "ORACLELINUX_ELSA-2020-5645.NASL", "ORACLELINUX_ELSA-2020-5649.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLELINUX_ELSA-2020-5706.NASL", "ORACLELINUX_ELSA-2020-5708.NASL", "ORACLELINUX_ELSA-2020-5710.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5804.NASL", "ORACLELINUX_ELSA-2020-5844.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5879.NASL", "ORACLELINUX_ELSA-2020-5885.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLELINUX_ELSA-2021-9473.NASL", "ORACLELINUX_ELSA-2021-9534.NASL", "ORACLEVM_OVMSA-2018-0236.NASL", "ORACLEVM_OVMSA-2018-0237.NASL", "ORACLEVM_OVMSA-2019-0038.NASL", "ORACLEVM_OVMSA-2019-0056.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2020-0020.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "ORACLEVM_OVMSA-2021-0035.NASL", "ORACLEVM_OVMSA-2021-0036.NASL", "PHOTONOS_PHSA-2018-1_0-0132.NASL", "PHOTONOS_PHSA-2018-1_0-0132_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0042.NASL", "PHOTONOS_PHSA-2018-2_0-0042_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0240_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0165_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0279_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0212_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0052_LINUX.NASL", "REDHAT-RHSA-2018-1854.NASL", "REDHAT-RHSA-2018-2948.NASL", "REDHAT-RHSA-2018-3083.NASL", "REDHAT-RHSA-2018-3096.NASL", "REDHAT-RHSA-2019-0641.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "REDHAT-RHSA-2020-0740.NASL", "REDHAT-RHSA-2020-1016.NASL", "REDHAT-RHSA-2020-1070.NASL", "REDHAT-RHSA-2020-1493.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2082.NASL", "REDHAT-RHSA-2020-2085.NASL", "REDHAT-RHSA-2020-2104.NASL", "REDHAT-RHSA-2020-2214.NASL", "REDHAT-RHSA-2020-2242.NASL", "REDHAT-RHSA-2020-2277.NASL", "REDHAT-RHSA-2020-2285.NASL", "REDHAT-RHSA-2020-2289.NASL", "REDHAT-RHSA-2020-2522.NASL", "REDHAT-RHSA-2020-2851.NASL", "REDHAT-RHSA-2020-4060.NASL", "REDHAT-RHSA-2020-4062.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2020-5206.NASL", "REDHAT-RHSA-2020-5430.NASL", "REDHAT-RHSA-2020-5656.NASL", "SLACKWARE_SSA_2019-169-01.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "SL_20180619_KERNEL_ON_SL6_X.NASL", "SL_20181030_KERNEL_ON_SL7_X.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20200407_KERNEL_ON_SL7_X.NASL", "SL_20200512_KERNEL_ON_SL7_X.NASL", "SL_20201001_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2018-0785-1.NASL", "SUSE_SU-2018-0786-1.NASL", "SUSE_SU-2018-1366-1.NASL", "SUSE_SU-2018-1761-1.NASL", "SUSE_SU-2018-1762-1.NASL", "SUSE_SU-2018-1855-1.NASL", "SUSE_SU-2018-1855-2.NASL", "SUSE_SU-2018-2092-1.NASL", "SUSE_SU-2018-2332-1.NASL", "SUSE_SU-2018-2366-1.NASL", "SUSE_SU-2018-2860-1.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-1527-1.NASL", "SUSE_SU-2019-1529-1.NASL", "SUSE_SU-2019-1530-1.NASL", "SUSE_SU-2019-1532-1.NASL", "SUSE_SU-2019-1533-1.NASL", "SUSE_SU-2019-1534-1.NASL", "SUSE_SU-2019-1535-1.NASL", "SUSE_SU-2019-1536-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-1692-1.NASL", "SUSE_SU-2019-1823-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1852-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-1870-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2706-1.NASL", "SUSE_SU-2019-2710-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "SUSE_SU-2019-2829-1.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2019-2946-1.NASL", "SUSE_SU-2019-2947-1.NASL", "SUSE_SU-2019-2948-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2953-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3228-1.NASL", "SUSE_SU-2019-3230-1.NASL", "SUSE_SU-2019-3232-1.NASL", "SUSE_SU-2019-3233-1.NASL", "SUSE_SU-2019-3258-1.NASL", "SUSE_SU-2019-3260-1.NASL", "SUSE_SU-2019-3261-1.NASL", "SUSE_SU-2019-3263-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2019-3371-1.NASL", "SUSE_SU-2019-3379-1.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2019-3389-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0558-1.NASL", "SUSE_SU-2020-0559-1.NASL", "SUSE_SU-2020-0560-1.NASL", "SUSE_SU-2020-0580-1.NASL", "SUSE_SU-2020-0584-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-1275-1.NASL", "SUSE_SU-2020-14354-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-2491-1.NASL", "SUSE_SU-2020-2492-1.NASL", "SUSE_SU-2020-2497-1.NASL", "SUSE_SU-2020-2498-1.NASL", "SUSE_SU-2021-3192-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3217-1.NASL", "SUSE_SU-2021-3876-1.NASL", "SUSE_SU-2021-3969-1.NASL", "SUSE_SU-2021-3972-1.NASL", "SUSE_SU-2022-4561-1.NASL", "SUSE_SU-2022-4611-1.NASL", "UBUNTU_USN-3617-1.NASL", "UBUNTU_USN-3617-2.NASL", "UBUNTU_USN-3617-3.NASL", "UBUNTU_USN-3619-1.NASL", "UBUNTU_USN-3619-2.NASL", "UBUNTU_USN-3620-1.NASL", "UBUNTU_USN-3632-1.NASL", "UBUNTU_USN-3654-1.NASL", "UBUNTU_USN-3654-2.NASL", "UBUNTU_USN-3656-1.NASL", "UBUNTU_USN-3697-1.NASL", "UBUNTU_USN-3697-2.NASL", "UBUNTU_USN-3698-1.NASL", "UBUNTU_USN-3979-1.NASL", "UBUNTU_USN-3980-1.NASL", "UBUNTU_USN-3980-2.NASL", "UBUNTU_USN-3981-1.NASL", "UBUNTU_USN-3981-2.NASL", "UBUNTU_USN-3982-1.NASL", "UBUNTU_USN-3982-2.NASL", "UBUNTU_USN-4068-1.NASL", "UBUNTU_USN-4068-2.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4076-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4147-1.NASL", "UBUNTU_USN-4226-1.NASL", "UBUNTU_USN-4227-1.NASL", "UBUNTU_USN-4284-1.NASL", "UBUNTU_USN-4285-1.NASL", "UBUNTU_USN-4286-1.NASL", "UBUNTU_USN-4287-1.NASL", "UBUNTU_USN-4346-1.NASL", "VIRTUOZZO_VZA-2018-035.NASL", "VIRTUOZZO_VZA-2018-036.NASL", "VIRTUOZZO_VZA-2018-038.NASL", "VIRTUOZZO_VZA-2018-041.NASL", "VIRTUOZZO_VZA-2020-037.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310704465", "OPENVAS:1361412562310843492", "OPENVAS:1361412562310843493", "OPENVAS:1361412562310843496", "OPENVAS:1361412562310843497", "OPENVAS:1361412562310843498", "OPENVAS:1361412562310843500", "OPENVAS:1361412562310843509", "OPENVAS:1361412562310843530", "OPENVAS:1361412562310843531", "OPENVAS:1361412562310843535", "OPENVAS:1361412562310843572", "OPENVAS:1361412562310843573", "OPENVAS:1361412562310843574", "OPENVAS:1361412562310844004", "OPENVAS:1361412562310844006", "OPENVAS:1361412562310844008", "OPENVAS:1361412562310844009", "OPENVAS:1361412562310844010", "OPENVAS:1361412562310844012", "OPENVAS:1361412562310844102", "OPENVAS:1361412562310844103", "OPENVAS:1361412562310844104", "OPENVAS:1361412562310844111", "OPENVAS:1361412562310844121", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310844282", "OPENVAS:1361412562310844283", "OPENVAS:1361412562310844341", "OPENVAS:1361412562310844342", "OPENVAS:1361412562310844343", "OPENVAS:1361412562310844347", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310851723", "OPENVAS:1361412562310851762", "OPENVAS:1361412562310851987", "OPENVAS:1361412562310852568", "OPENVAS:1361412562310852570", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852737", "OPENVAS:1361412562310852772", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852870", "OPENVAS:1361412562310852891", "OPENVAS:1361412562310852928", "OPENVAS:1361412562310852953", "OPENVAS:1361412562310852970", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310853070", "OPENVAS:1361412562310874140", "OPENVAS:1361412562310874141", "OPENVAS:1361412562310874196", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310874647", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874721", "OPENVAS:1361412562310874751", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310874813", "OPENVAS:1361412562310874890", "OPENVAS:1361412562310874919", "OPENVAS:1361412562310874964", "OPENVAS:1361412562310874998", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875128", "OPENVAS:1361412562310875170", "OPENVAS:1361412562310875201", "OPENVAS:1361412562310875334", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876446", "OPENVAS:1361412562310876449", "OPENVAS:1361412562310876466", "OPENVAS:1361412562310876467", "OPENVAS:1361412562310876476", "OPENVAS:1361412562310876477", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876484", "OPENVAS:1361412562310876488", "OPENVAS:1361412562310876489", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876515", "OPENVAS:1361412562310876543", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876611", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876638", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310876999", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310891369", "OPENVAS:1361412562310891771", "OPENVAS:1361412562310891823", "OPENVAS:1361412562310891824", "OPENVAS:1361412562310891919", "OPENVAS:1361412562310891930", "OPENVAS:1361412562310892068", "OPENVAS:1361412562310892114", "OPENVAS:1361412562310892241", "OPENVAS:1361412562311220181085", "OPENVAS:1361412562311220181246", "OPENVAS:1361412562311220181260", "OPENVAS:1361412562311220181432", "OPENVAS:1361412562311220191539", "OPENVAS:1361412562311220191586", "OPENVAS:1361412562311220191692", "OPENVAS:1361412562311220191702", "OPENVAS:1361412562311220191793", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220191972", "OPENVAS:1361412562311220192068", "OPENVAS:1361412562311220192081", "OPENVAS:1361412562311220192106", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192283", "OPENVAS:1361412562311220192309", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201112", "OPENVAS:1361412562311220201158", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201292", "OPENVAS:1361412562311220201368", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201674"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-1854", "ELSA-2018-3083", "ELSA-2018-4161", "ELSA-2018-4164", "ELSA-2019-2029", "ELSA-2019-3517", "ELSA-2019-4570", "ELSA-2019-4729", "ELSA-2019-4746", "ELSA-2019-4836", "ELSA-2019-4850", "ELSA-2019-4854", "ELSA-2019-4855", "ELSA-2019-4878", "ELSA-2020-1016", "ELSA-2020-1769", "ELSA-2020-2082", "ELSA-2020-4060", "ELSA-2020-4431", "ELSA-2020-5508", "ELSA-2020-5532", "ELSA-2020-5533", "ELSA-2020-5642", "ELSA-2020-5644", "ELSA-2020-5645", "ELSA-2020-5649", "ELSA-2020-5676", "ELSA-2020-5706", "ELSA-2020-5708", "ELSA-2020-5710", "ELSA-2020-5715", "ELSA-2020-5804", "ELSA-2020-5844", "ELSA-2020-5845", "ELSA-2020-5866", "ELSA-2020-5879", "ELSA-2020-5885", "ELSA-2021-9002", "ELSA-2021-9473", "ELSA-2021-9534"]}, {"type": "osv", "idList": ["OSV:DLA-1369-1", "OSV:DLA-1771-1", "OSV:DLA-1823-1", "OSV:DLA-1824-1", "OSV:DLA-1884-1", "OSV:DLA-1919-1", "OSV:DLA-1930-1", "OSV:DLA-2068-1", "OSV:DLA-2114-1", "OSV:DLA-2241-1", "OSV:DLA-2385-1", "OSV:DSA-4187-1", "OSV:DSA-4188-1", "OSV:DSA-4465-1"]}, {"type": "photon", "idList": ["PHSA-2018-0031", "PHSA-2018-0033", "PHSA-2018-0042", "PHSA-2018-0122", "PHSA-2018-0132", "PHSA-2018-0150", "PHSA-2018-1.0-0122", "PHSA-2018-1.0-0132", "PHSA-2018-2.0-0042", "PHSA-2019-0007", "PHSA-2019-0009", "PHSA-2019-0015", "PHSA-2019-0021", "PHSA-2019-0026", "PHSA-2019-0036", "PHSA-2019-0142", "PHSA-2019-0147", "PHSA-2019-0151", "PHSA-2019-0160", "PHSA-2019-0161", "PHSA-2019-0165", "PHSA-2019-0189", "PHSA-2019-0221", "PHSA-2019-0236", "PHSA-2019-0240", "PHSA-2019-0255", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0238", "PHSA-2019-1.0-0240", "PHSA-2019-1.0-0255", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0165", "PHSA-2019-3.0-0007", "PHSA-2019-3.0-0009", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0036", "PHSA-2020-0052", "PHSA-2020-0212", "PHSA-2020-0274", "PHSA-2020-1.0-0274", "PHSA-2020-1.0-0279", "PHSA-2020-2.0-0212", "PHSA-2020-3.0-0052"]}, {"type": "redhat", "idList": ["RHSA-2018:1854", "RHSA-2018:2948", "RHSA-2018:3083", "RHSA-2018:3096", "RHSA-2019:0641", "RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2019:3309", "RHSA-2019:3517", "RHSA-2020:0740", "RHSA-2020:1016", "RHSA-2020:1070", "RHSA-2020:1493", "RHSA-2020:1567", "RHSA-2020:1769", "RHSA-2020:2082", "RHSA-2020:2085", "RHSA-2020:2104", "RHSA-2020:2214", "RHSA-2020:2242", "RHSA-2020:2277", "RHSA-2020:2285", "RHSA-2020:2289", "RHSA-2020:2522", "RHSA-2020:2851", "RHSA-2020:4060", "RHSA-2020:4062", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:5206", "RHSA-2020:5430", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2020:5656"]}, {"type": "redhatcve", "idList": ["RH:CVE-2014-3180", "RH:CVE-2017-18549", "RH:CVE-2017-18550", "RH:CVE-2017-18551", "RH:CVE-2017-18595", "RH:CVE-2018-1000026", "RH:CVE-2018-5803", "RH:CVE-2019-10220", "RH:CVE-2019-11833", "RH:CVE-2019-12382", "RH:CVE-2019-12456", "RH:CVE-2019-12819", "RH:CVE-2019-15090", "RH:CVE-2019-15212", "RH:CVE-2019-15216", "RH:CVE-2019-15916", "RH:CVE-2019-15924", "RH:CVE-2019-16233", "RH:CVE-2019-18806", "RH:CVE-2019-19447", "RH:CVE-2019-19537", "RH:CVE-2019-19965", "RH:CVE-2019-20054", "RH:CVE-2019-3874"]}, {"type": "slackware", "idList": ["SSA-2019-169-01", "SSA-2020-086-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0781-1", "OPENSUSE-SU-2018:1418-1", "OPENSUSE-SU-2018:2119-1", "OPENSUSE-SU-2019:1479-1", "OPENSUSE-SU-2019:1570-1", "OPENSUSE-SU-2019:1571-1", "OPENSUSE-SU-2019:1579-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2307-1", "OPENSUSE-SU-2019:2308-1", "OPENSUSE-SU-2019:2444-1", "OPENSUSE-SU-2019:2503-1", "OPENSUSE-SU-2019:2507-1", "OPENSUSE-SU-2019:2675-1", "OPENSUSE-SU-2020:0336-1", "OPENSUSE-SU-2021:3876-1", "SUSE-SU-2018:0785-1", "SUSE-SU-2018:0786-1", "SUSE-SU-2018:0986-1"]}, {"type": "symantec", "idList": ["SMNTC-111222", "SMNTC-111286", "SMNTC-111292", "SMNTC-111313"]}, {"type": "ubuntu", "idList": ["USN-3617-1", "USN-3617-2", "USN-3617-3", "USN-3619-1", "USN-3619-2", "USN-3620-1", "USN-3620-2", "USN-3632-1", "USN-3654-1", "USN-3654-2", "USN-3656-1", "USN-3697-1", "USN-3697-2", "USN-3698-1", "USN-3698-2", "USN-3979-1", "USN-3980-1", "USN-3980-2", "USN-3981-1", "USN-3981-2", "USN-3982-1", "USN-3982-2", "USN-4068-1", "USN-4068-2", "USN-4069-1", "USN-4069-2", "USN-4076-1", "USN-4094-1", "USN-4095-2", "USN-4115-1", "USN-4115-2", "USN-4118-1", "USN-4147-1", "USN-4226-1", "USN-4227-1", "USN-4227-2", "USN-4284-1", "USN-4285-1", "USN-4286-1", "USN-4286-2", "USN-4287-1", "USN-4287-2", "USN-4346-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3180", "UB:CVE-2017-18549", "UB:CVE-2017-18550", "UB:CVE-2017-18551", "UB:CVE-2017-18595", "UB:CVE-2018-1000026", "UB:CVE-2018-5803", "UB:CVE-2019-10220", "UB:CVE-2019-11833", "UB:CVE-2019-12382", "UB:CVE-2019-12456", "UB:CVE-2019-12819", "UB:CVE-2019-15090", "UB:CVE-2019-15212", "UB:CVE-2019-15216", "UB:CVE-2019-15916", "UB:CVE-2019-15924", "UB:CVE-2019-16233", "UB:CVE-2019-18806", "UB:CVE-2019-19447", "UB:CVE-2019-19537", "UB:CVE-2019-19965", "UB:CVE-2019-20054", "UB:CVE-2019-3874", "UB:CVE-2019-9454"]}, {"type": "veracode", "idList": ["VERACODE:21066", "VERACODE:21915", "VERACODE:21916", "VERACODE:22923", "VERACODE:25102", "VERACODE:25397", "VERACODE:26792", "VERACODE:26972", "VERACODE:27310", "VERACODE:27693", "VERACODE:27753", "VERACODE:27764"]}, {"type": "virtuozzo", "idList": ["VZA-2018-035", "VZA-2018-036", "VZA-2018-038", "VZA-2018-040", "VZA-2018-041", "VZA-2020-036", "VZA-2020-037"]}, {"type": "zdt", "idList": ["1337DAY-ID-29921"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431"]}, {"type": "amazon", "idList": ["ALAS-2018-993"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-11-01", "ANDROID:2020-03-01"]}, {"type": "centos", "idList": ["CESA-2019:2029"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cve", "idList": ["CVE-2014-3180", "CVE-2018-1000026", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12819", "CVE-2019-16233"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1369-1:33F82", "DEBIAN:DLA-1823-1:39845", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8", "DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4188-1:E4177", "DEBIAN:DSA-4465-1:304F1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3180", "DEBIANCVE:CVE-2017-18549", "DEBIANCVE:CVE-2017-18550", "DEBIANCVE:CVE-2017-18551", "DEBIANCVE:CVE-2017-18595", "DEBIANCVE:CVE-2018-1000026", "DEBIANCVE:CVE-2018-5803", "DEBIANCVE:CVE-2019-10220", "DEBIANCVE:CVE-2019-11833", "DEBIANCVE:CVE-2019-12382", "DEBIANCVE:CVE-2019-12456", "DEBIANCVE:CVE-2019-12819", "DEBIANCVE:CVE-2019-15090", "DEBIANCVE:CVE-2019-15212", "DEBIANCVE:CVE-2019-15216", "DEBIANCVE:CVE-2019-15916", "DEBIANCVE:CVE-2019-15924", "DEBIANCVE:CVE-2019-16233", "DEBIANCVE:CVE-2019-18806", "DEBIANCVE:CVE-2019-19447", "DEBIANCVE:CVE-2019-19537", "DEBIANCVE:CVE-2019-19965", "DEBIANCVE:CVE-2019-20054", "DEBIANCVE:CVE-2019-3874"]}, {"type": "f5", "idList": ["F5:K35504111", "F5:K48073202", "F5:K84310302"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:5D742610B071", "FEDORA:5E4536182D79", "FEDORA:60E4D618B8A2", "FEDORA:648496077DD1", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:AAF2F60D7C3E", "FEDORA:AB52460321C9", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7"]}, {"type": "ibm", "idList": ["7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4", "E76CF6F7C58DE085B1D5F988B60566AC28A05EF3B19F25A856F2533F5B3684AE"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-20054/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2019-20054/", "MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2018-993.NASL", "DEBIAN_DLA-1369.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "EULEROS_SA-2018-1085.NASL", "EULEROS_SA-2020-1536.NASL", "FEDORA_2018-03A6606CB5.NASL", "FEDORA_2018-7A62047E30.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "OPENSUSE-2018-292.NASL", "OPENSUSE-2019-1479.NASL", "OPENSUSE-2019-1570.NASL", "OPENSUSE-2019-1571.NASL", "OPENSUSE-2019-1579.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2307.NASL", "OPENSUSE-2019-2308.NASL", "OPENSUSE-2019-536.NASL", "ORACLELINUX_ELSA-2019-4570.NASL", "ORACLELINUX_ELSA-2019-4729.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLEVM_OVMSA-2019-0038.NASL", "REDHAT-RHSA-2019-0641.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2082.NASL", "REDHAT-RHSA-2020-2085.NASL", "REDHAT-RHSA-2020-2104.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20200407_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2018-2860-1.NASL", "SUSE_SU-2019-1527-1.NASL", "SUSE_SU-2019-1529-1.NASL", "SUSE_SU-2019-1530-1.NASL", "SUSE_SU-2019-1532-1.NASL", "SUSE_SU-2019-1533-1.NASL", "SUSE_SU-2019-1534-1.NASL", "SUSE_SU-2019-1535-1.NASL", "SUSE_SU-2019-1536-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-1692-1.NASL", "SUSE_SU-2019-1823-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1852-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-1870-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2706-1.NASL", "SUSE_SU-2019-2710-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "SUSE_SU-2019-2829-1.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2021-3192-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3217-1.NASL", "UBUNTU_USN-3617-1.NASL", "UBUNTU_USN-3617-2.NASL", "UBUNTU_USN-3617-3.NASL", "UBUNTU_USN-3619-1.NASL", "UBUNTU_USN-3619-2.NASL", "UBUNTU_USN-3620-1.NASL", "UBUNTU_USN-3632-1.NASL", "UBUNTU_USN-3697-1.NASL", "UBUNTU_USN-3697-2.NASL", "UBUNTU_USN-3698-1.NASL", "UBUNTU_USN-3979-1.NASL", "UBUNTU_USN-3980-1.NASL", "UBUNTU_USN-3980-2.NASL", "UBUNTU_USN-3981-1.NASL", "UBUNTU_USN-3981-2.NASL", "UBUNTU_USN-3982-1.NASL", "UBUNTU_USN-3982-2.NASL", "UBUNTU_USN-4068-1.NASL", "UBUNTU_USN-4068-2.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4076-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4147-1.NASL", "UBUNTU_USN-4346-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310704465", "OPENVAS:1361412562310843492", "OPENVAS:1361412562310843493", "OPENVAS:1361412562310843496", "OPENVAS:1361412562310843497", "OPENVAS:1361412562310843498", "OPENVAS:1361412562310843500", "OPENVAS:1361412562310843509", "OPENVAS:1361412562310843572", "OPENVAS:1361412562310843573", "OPENVAS:1361412562310843574", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310852568", "OPENVAS:1361412562310852570", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852737", "OPENVAS:1361412562310874140", "OPENVAS:1361412562310874141", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876446", "OPENVAS:1361412562310876449", "OPENVAS:1361412562310876466", "OPENVAS:1361412562310876467", "OPENVAS:1361412562310876476", "OPENVAS:1361412562310876477", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876484", "OPENVAS:1361412562310876488", "OPENVAS:1361412562310876489", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876515", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310891369", "OPENVAS:1361412562310891823", "OPENVAS:1361412562310891824", "OPENVAS:1361412562310891919", "OPENVAS:1361412562310891930", "OPENVAS:1361412562311220201536"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4161", "ELSA-2020-2082"]}, {"type": "photon", "idList": ["PHSA-2018-1.0-0122", "PHSA-2018-1.0-0132", "PHSA-2018-2.0-0042", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0238", "PHSA-2019-1.0-0240", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0165", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0026", "PHSA-2020-1.0-0274", "PHSA-2020-1.0-0279", "PHSA-2020-2.0-0212", "PHSA-2020-3.0-0052"]}, {"type": "redhat", "idList": ["RHSA-2020:2082"]}, {"type": "redhatcve", "idList": ["RH:CVE-2014-3180", "RH:CVE-2017-18595", "RH:CVE-2018-1000026", "RH:CVE-2019-10220", "RH:CVE-2019-15916", "RH:CVE-2019-16233", "RH:CVE-2019-18806", "RH:CVE-2019-19447", "RH:CVE-2019-19537", "RH:CVE-2019-20054", "RH:CVE-2019-3874"]}, {"type": "slackware", "idList": ["SSA-2019-169-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0781-1", "OPENSUSE-SU-2019:1479-1", "OPENSUSE-SU-2019:1570-1", "OPENSUSE-SU-2019:1571-1", "OPENSUSE-SU-2019:1579-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2307-1", "OPENSUSE-SU-2019:2308-1", "OPENSUSE-SU-2019:2444-1", "OPENSUSE-SU-2021:3876-1", "SUSE-SU-2018:0785-1", "SUSE-SU-2018:0786-1"]}, {"type": "symantec", "idList": ["SMNTC-111292"]}, {"type": "ubuntu", "idList": ["USN-3617-1", "USN-3617-2", "USN-3617-3", "USN-3619-1", "USN-3619-2", "USN-3620-1", "USN-3620-2", "USN-3632-1", "USN-3697-1", "USN-3697-2", "USN-3698-1", "USN-3698-2", "USN-4115-2", "USN-4147-1", "USN-4346-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3180", "UB:CVE-2017-18549", "UB:CVE-2017-18550", "UB:CVE-2017-18551", "UB:CVE-2017-18595", "UB:CVE-2019-10220", "UB:CVE-2019-15090", "UB:CVE-2019-15212", "UB:CVE-2019-15216", "UB:CVE-2019-15916", "UB:CVE-2019-15924", "UB:CVE-2019-16233", "UB:CVE-2019-18806", "UB:CVE-2019-19447", "UB:CVE-2019-19965", "UB:CVE-2019-20054"]}, {"type": "virtuozzo", "idList": ["VZA-2018-035", "VZA-2018-036", "VZA-2018-038"]}, {"type": "zdt", "idList": ["1337DAY-ID-29921"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-15090", "epss": "0.000450000", "percentile": "0.120530000", "modified": "2023-03-15"}, {"cve": "CVE-2017-18595", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2019-16233", "epss": "0.000450000", "percentile": "0.120530000", "modified": "2023-03-15"}, {"cve": "CVE-2019-15216", "epss": "0.000970000", "percentile": "0.390880000", "modified": "2023-03-15"}, {"cve": "CVE-2014-3180", "epss": "0.001270000", "percentile": "0.455920000", "modified": "2023-03-15"}, {"cve": "CVE-2019-12819", "epss": "0.000450000", "percentile": "0.122320000", "modified": "2023-03-15"}, {"cve": "CVE-2017-18551", "epss": "0.000450000", "percentile": "0.120530000", "modified": "2023-03-15"}, {"cve": "CVE-2019-18806", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2019-19965", "epss": "0.000630000", "percentile": "0.253970000", "modified": "2023-03-15"}, {"cve": "CVE-2019-3874", "epss": "0.002220000", "percentile": "0.587150000", "modified": "2023-03-15"}, {"cve": "CVE-2019-15924", "epss": "0.000760000", "percentile": "0.305190000", "modified": "2023-03-15"}, {"cve": "CVE-2019-11833", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2019-10220", "epss": "0.002100000", "percentile": "0.571630000", "modified": "2023-03-15"}, {"cve": "CVE-2019-15212", "epss": "0.001170000", "percentile": "0.440460000", "modified": "2023-03-15"}, {"cve": "CVE-2019-12456", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2017-18549", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2019-19447", "epss": "0.002560000", "percentile": "0.616930000", "modified": "2023-03-15"}, {"cve": "CVE-2017-18550", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2019-12382", "epss": "0.000450000", "percentile": "0.122320000", "modified": "2023-03-15"}, {"cve": "CVE-2019-19537", "epss": "0.001370000", "percentile": "0.474320000", "modified": "2023-03-15"}, {"cve": "CVE-2019-15916", "epss": "0.008350000", "percentile": "0.794430000", "modified": "2023-03-15"}, {"cve": "CVE-2018-5803", "epss": "0.000460000", "percentile": "0.139990000", "modified": "2023-03-15"}, {"cve": "CVE-2018-1000026", "epss": "0.005090000", "percentile": "0.729460000", "modified": "2023-03-15"}, {"cve": "CVE-2019-20054", "epss": "0.000450000", "percentile": "0.120530000", "modified": "2023-03-15"}], "vulnersScore": 0.3}, "_state": {"dependencies": 1678957314, "score": 1678962848, "epss": 1678957426}, "_internal": {"score_hash": "1eb0c5207ecc253316ea697d209cf4e3"}, "pluginID": "1361412562311220201452", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1452\");\n script_version(\"2020-04-16T05:54:57+0000\");\n script_cve_id(\"CVE-2014-3180\", \"CVE-2017-18549\", \"CVE-2017-18550\", \"CVE-2017-18551\", \"CVE-2017-18595\", \"CVE-2018-1000026\", \"CVE-2018-5803\", \"CVE-2019-10220\", \"CVE-2019-11833\", \"CVE-2019-12382\", \"CVE-2019-12456\", \"CVE-2019-12819\", \"CVE-2019-15090\", \"CVE-2019-15212\", \"CVE-2019-15216\", \"CVE-2019-15916\", \"CVE-2019-15924\", \"CVE-2019-16233\", \"CVE-2019-18806\", \"CVE-2019-19447\", \"CVE-2019-19537\", \"CVE-2019-19965\", \"CVE-2019-20054\", \"CVE-2019-3874\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:54:57 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:54:57 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1452)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1452\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1452\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1452 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.(CVE-2019-19447)\n\nThis candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-10220)\n\n** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180)\n\nIn the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e(CVE-2019-20054)\n\npointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.(CVE-2019-19965)'\n\nIn the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.(CVE-2019-19537)\n\nLinux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..(CVE-2018-1000026)\n\ndrivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16233)\n\nThe SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.(CVE-2019-3874)\n\nfs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.(CVE-2019-11833)\n\nA memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Huawei EulerOS Local Security Checks"}
{"nessus": [{"lastseen": "2023-02-28T15:00:57", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.(CVE-2019-19447)Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.(CVE-2019-10220)** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180)In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e(CVE-2019-20054)pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.(CVE-2019-19965)'In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9.\n This affects drivers/usb/core/file.c.(CVE-2019-19537)Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..(CVE-2018-1000026)drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16233)The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.(CVE-2019-3874)fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.(CVE-2019-11833)A memory leak in the ql_alloc_large_buffers() function in driverset/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806)An issue was discovered in the Linux kernel before 5.0.11.\n fm10k_init_module in driverset/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.(CVE-2019-15924)An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/coreet-sysfs.c, which will cause denial of service.(CVE-2019-15916)An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An issue was discovered in the Linux kernel before 5.1.8.\n There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090)An issue was discovered in the Linux kernel before 5.0. The function\n __mdiobus_register() in driverset/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.(CVE-2019-12819)** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.(CVE-2019-12456)An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.(CVE-2019-12382)In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.(CVE-2018-5803)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.(CVE-2017-18550)An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.(CVE-2017-18549)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1452)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3180", "CVE-2017-18549", "CVE-2017-18550", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-1000026", "CVE-2018-5803", "CVE-2019-10220", "CVE-2019-11833", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12819", "CVE-2019-15090", "CVE-2019-15212", "CVE-2019-15216", "CVE-2019-15916", "CVE-2019-15924", "CVE-2019-16233", "CVE-2019-18806", "CVE-2019-19447", "CVE-2019-19537", "CVE-2019-19965", "CVE-2019-20054", "CVE-2019-3874"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-1452.NASL", "href": "https://www.tenable.com/plugins/nessus/135614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135614);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2014-3180\",\n \"CVE-2017-18549\",\n \"CVE-2017-18550\",\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2018-5803\",\n \"CVE-2018-1000026\",\n \"CVE-2019-3874\",\n \"CVE-2019-10220\",\n \"CVE-2019-11833\",\n \"CVE-2019-12382\",\n \"CVE-2019-12456\",\n \"CVE-2019-12819\",\n \"CVE-2019-15090\",\n \"CVE-2019-15212\",\n \"CVE-2019-15216\",\n \"CVE-2019-15916\",\n \"CVE-2019-15924\",\n \"CVE-2019-16233\",\n \"CVE-2019-18806\",\n \"CVE-2019-19447\",\n \"CVE-2019-19537\",\n \"CVE-2019-19965\",\n \"CVE-2019-20054\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1452)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):In the Linux kernel\n 5.0.21, mounting a crafted ext4 filesystem image,\n performing some operations, and unmounting can lead to\n a use-after-free in ext4_put_super in fs/ext4/super.c,\n related to dump_orphan_list in\n fs/ext4/super.c.(CVE-2019-19447)Linux kernel CIFS\n implementation, version 4.9.0 is vulnerable to a\n relative paths injection in directory entry\n lists.(CVE-2019-10220)** DISPUTED ** In kernel/compat.c\n in the Linux kernel before 3.17, as used in Google\n Chrome OS and other products, there is a possible\n out-of-bounds read. restart_syscall uses uninitialized\n data when restarting compat_sys_nanosleep. NOTE: this\n is disputed because the code path is\n unreachable.(CVE-2014-3180)In the Linux kernel before\n 5.0.6, there is a NULL pointer dereference in\n drop_sysctl_table() in fs/proc/proc_sysctl.c, related\n to put_links, aka\n CID-23da9588037e(CVE-2019-20054)pointer dereference in\n drivers/scsi/libsas/sas_discover.c because of\n mishandling of port disconnection during discovery,\n related to a PHY down race condition, aka\n CID-f70267f379b5.(CVE-2019-19965)'In the Linux kernel\n before 5.2.10, there is a race condition bug that can\n be caused by a malicious USB device in the USB\n character device driver layer, aka CID-303911cfc5b9.\n This affects\n drivers/usb/core/file.c.(CVE-2019-19537)Linux Linux\n kernel version at least v4.8 onwards, probably well\n before contains a Insufficient input validation\n vulnerability in bnx2x network card driver that can\n result in DoS: Network card firmware assertion takes\n card off-line. This attack appear to be exploitable via\n An attacker on a must pass a very large, specially\n crafted packet to the bnx2x card. This can be done from\n an untrusted guest\n VM..(CVE-2018-1000026)drivers/scsi/qla2xxx/qla_os.c in\n the Linux kernel 5.2.14 does not check the\n alloc_workqueue return value, leading to a NULL pointer\n dereference.(CVE-2019-16233)The SCTP socket buffer used\n by a userspace application is not accounted by the\n cgroups subsystem. An attacker can use this flaw to\n cause a denial of service attack. Kernel 3.10.x and\n 4.18.x branches are believed to be\n vulnerable.(CVE-2019-3874)fs/ext4/extents.c in the\n Linux kernel through 5.1.2 does not zero out the unused\n memory region in the extent tree block, which might\n allow local users to obtain sensitive information by\n reading uninitialized data in the\n filesystem.(CVE-2019-11833)A memory leak in the\n ql_alloc_large_buffers() function in\n driverset/ethernet/qlogic/qla3xxx.c in the Linux kernel\n before 5.3.5 allows local users to cause a denial of\n service (memory consumption) by triggering\n pci_dma_mapping_error() failures, aka\n CID-1acb8f2a7a9f.(CVE-2019-18806)An issue was\n discovered in the Linux kernel before 5.0.11.\n fm10k_init_module in\n driverset/ethernet/intel/fm10k/fm10k_main.c has a NULL\n pointer dereference because there is no -ENOMEM upon an\n alloc_workqueue failure.(CVE-2019-15924)An issue was\n discovered in the Linux kernel before 5.0.1. There is a\n memory leak in register_queue_kobjects() in\n net/coreet-sysfs.c, which will cause denial of\n service.(CVE-2019-15916)An issue was discovered in the\n Linux kernel before 5.0.14. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An\n issue was discovered in the Linux kernel before 5.1.8.\n There is a double-free caused by a malicious USB device\n in the drivers/usb/misc/rio500.c\n driver.(CVE-2019-15212)An issue was discovered in\n drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before\n 5.1.12. In the qedi_dbg_* family of functions, there is\n an out-of-bounds read.(CVE-2019-15090)An issue was\n discovered in the Linux kernel before 5.0. The function\n __mdiobus_register() in driverset/phy/mdio_bus.c calls\n put_device(), which will trigger a fixed_mdio_bus_init\n use-after-free. This will cause a denial of\n service.(CVE-2019-12819)** DISPUTED ** An issue was\n discovered in the MPT3COMMAND case in _ctl_ioctl_main\n in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux\n kernel through 5.1.5. It allows local users to cause a\n denial of service or possibly have unspecified other\n impact by changing the value of ioc_number between two\n kernel reads of that value, aka a 'double fetch'\n vulnerability. NOTE: a third party reports that this is\n unexploitable because the doubly fetched value is not\n used.(CVE-2019-12456)An issue was discovered in\n drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c in the Linux kernel\n through 5.1.5. There is an unchecked kstrdup of fwstr,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a\n vulnerability because kstrdup() returning NULL is\n handled sufficiently and there is no chance for a NULL\n pointer dereference.(CVE-2019-12382)In the Linux Kernel\n before version 4.15.8, 4.14.25, 4.9.87, 4.4.121,\n 4.1.51, and 3.2.102, an error in the\n '_sctp_make_chunk()' function\n (net/sctp/sm_make_chunk.c) when handling SCTP packets\n length can be exploited to cause a kernel\n crash.(CVE-2018-5803)An issue was discovered in the\n Linux kernel before 4.14.11. A double free may be\n caused by the function allocate_trace_buffer in the\n file kernel/trace/trace.c.(CVE-2017-18595)An issue was\n discovered in drivers/i2c/i2c-core-smbus.c in the Linux\n kernel before 4.14.15. There is an out of bounds write\n in the function\n i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was\n discovered in drivers/scsi/aacraid/commctrl.c in the\n Linux kernel before 4.13. There is potential exposure\n of kernel stack memory because aac_get_hba_info does\n not initialize the hbainfo structure.(CVE-2017-18550)An\n issue was discovered in drivers/scsi/aacraid/commctrl.c\n in the Linux kernel before 4.13. There is potential\n exposure of kernel stack memory because\n aac_send_raw_srb does not initialize the reply\n structure.(CVE-2017-18549)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1452\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f070bac5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2014-3180\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_72\",\n \"kernel-devel-3.10.0-862.14.1.6_72\",\n \"kernel-headers-3.10.0-862.14.1.6_72\",\n \"kernel-tools-3.10.0-862.14.1.6_72\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_72\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_72\",\n \"perf-3.10.0-862.14.1.6_72\",\n \"python-perf-3.10.0-862.14.1.6_72\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T14:55:47", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5508 advisory.\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. (CVE-2017-18595)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5508)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18595", "CVE-2019-15807", "CVE-2019-16233"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5508.NASL", "href": "https://www.tenable.com/plugins/nessus/132762", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5508.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132762);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2017-18595\", \"CVE-2019-15807\", \"CVE-2019-16233\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5508)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5508 advisory.\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file kernel/trace/trace.c. (CVE-2017-18595)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5508.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.35.1.el6uek', '4.1.12-124.35.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5508');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.35.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.35.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.35.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.35.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.35.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.35.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.35.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.35.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.35.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.35.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.35.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.35.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T15:52:08", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)\n\n - An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.(CVE-2019-15215)\n\n - An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090)\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)\n\n - The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.(CVE-2017-13695)\n\n - The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.(CVE-2017-13694)\n\n - The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.(CVE-2017-13693)\n\n - Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.(CVE-2014-3183)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.(CVE-2019-15917)\n\n - An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.(CVE-2019-15214)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1972)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3183", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-18595", "CVE-2019-15090", "CVE-2019-15212", "CVE-2019-15213", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15917"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1972.NASL", "href": "https://www.tenable.com/plugins/nessus/129129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129129);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-3183\",\n \"CVE-2017-13693\",\n \"CVE-2017-13694\",\n \"CVE-2017-13695\",\n \"CVE-2017-18595\",\n \"CVE-2019-15090\",\n \"CVE-2019-15212\",\n \"CVE-2019-15213\",\n \"CVE-2019-15214\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15917\"\n );\n script_bugtraq_id(\n 69766\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1972)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Linux kernel before\n 5.1.8. There is a double-free caused by a malicious USB\n device in the drivers/usb/misc/rio500.c\n driver.(CVE-2019-15212)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. There is a use-after-free caused by a malicious\n USB device in the\n drivers/media/usb/dvb-usb/dvb-usb-init.c\n driver.(CVE-2019-15213)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. There is a use-after-free caused by a malicious\n USB device in the drivers/media/usb/cpia2/cpia2_usb.c\n driver.(CVE-2019-15215)\n\n - An issue was discovered in the Linux kernel before\n 5.0.14. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/usb/misc/yurex.c\n driver.(CVE-2019-15216)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the\n drivers/media/usb/zr364xx/zr364xx.c\n driver.(CVE-2019-15217)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c\n in the Linux kernel before 5.1.12. In the qedi_dbg_*\n family of functions, there is an out-of-bounds\n read.(CVE-2019-15090)\n\n - An issue was discovered in the Linux kernel before\n 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file\n kernel/trace/trace.c.(CVE-2017-18595)\n\n - The acpi_ns_evaluate() function in\n drivers/acpi/acpica/nseval.c in the Linux kernel\n through 4.12.9 does not flush the operand cache and\n causes a kernel stack dump, which allows local users to\n obtain sensitive information from kernel memory and\n bypass the KASLR protection mechanism (in the kernel\n through 4.9) via a crafted ACPI table.(CVE-2017-13695)\n\n - The acpi_ps_complete_final_op() function in\n drivers/acpi/acpica/psobject.c in the Linux kernel\n through 4.12.9 does not flush the node and node_ext\n caches and causes a kernel stack dump, which allows\n local users to obtain sensitive information from kernel\n memory and bypass the KASLR protection mechanism (in\n the kernel through 4.9) via a crafted ACPI\n table.(CVE-2017-13694)\n\n - The acpi_ds_create_operands() function in\n drivers/acpi/acpica/dsutils.c in the Linux kernel\n through 4.12.9 does not flush the operand cache and\n causes a kernel stack dump, which allows local users to\n obtain sensitive information from kernel memory and\n bypass the KASLR protection mechanism (in the kernel\n through 4.9) via a crafted ACPI table.(CVE-2017-13693)\n\n - Heap-based buffer overflow in the\n logi_dj_ll_raw_request function in\n drivers/hid/hid-logitech-dj.c in the Linux kernel\n before 3.16.2 allows physically proximate attackers to\n cause a denial of service (system crash) or possibly\n execute arbitrary code via a crafted device that\n specifies a large report size for an LED\n report.(CVE-2014-3183)\n\n - An issue was discovered in the Linux kernel before\n 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto()\n in drivers/bluetooth/hci_ldisc.c.(CVE-2019-15917)\n\n - An issue was discovered in the Linux kernel before\n 5.0.10. There is a use-after-free in the sound\n subsystem because card disconnection causes certain\n data structures to be deleted too early. This is\n related to sound/core/init.c and\n sound/core/info.c.(CVE-2019-15214)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1972\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2550685\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.2.h249.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.2.h249.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.2.h249.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.2.h249.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.2.h249.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.2.h249.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.2.h249.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:52:15", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5206 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-24T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:5206)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18551", "CVE-2019-19046", "CVE-2019-19447", "CVE-2019-9454", "CVE-2020-12770"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_eus:7.7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.7:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-5206.NASL", "href": "https://www.tenable.com/plugins/nessus/143241", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5206. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143241);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2019-9454\",\n \"CVE-2019-19046\",\n \"CVE-2019-19447\",\n \"CVE-2020-12770\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5206\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:5206)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5206 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1818818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19447\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 400, 401, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-18551', 'CVE-2019-9454', 'CVE-2019-19046', 'CVE-2019-19447', 'CVE-2020-12770');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:5206');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.40.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.40.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-02-10T14:55:54", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5430 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:5430)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18551", "CVE-2019-19447", "CVE-2019-20636", "CVE-2019-9454", "CVE-2020-12770"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.4:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-5430.NASL", "href": "https://www.tenable.com/plugins/nessus/144280", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5430. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144280);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2019-9454\",\n \"CVE-2019-19447\",\n \"CVE-2019-20636\",\n \"CVE-2020-12770\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5430\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:5430)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5430 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1818818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-20636\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19447\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 401, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-18551', 'CVE-2019-9454', 'CVE-2019-19447', 'CVE-2019-20636', 'CVE-2020-12770');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:5430');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.81.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.81.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:37:53", "description": "The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5645 advisory.\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. (CVE-2019-18806)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5645)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18806"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5645.NASL", "href": "https://www.tenable.com/plugins/nessus/135433", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5645.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135433);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-18806\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5645)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-5645 advisory.\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the\n Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by\n triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. (CVE-2019-18806)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5645.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18806\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.321.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5645');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.321.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.321.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.321.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.321.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.321.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.321.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.321.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.321.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.321.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.321.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:54:06", "description": "An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551).\n\nImpact\n\nThis vulnerability may allow an attacker to overwrite memory beyond the intended buffer.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K48073202)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18551"], "modified": "2021-04-23T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL48073202.NASL", "href": "https://www.tenable.com/plugins/nessus/144435", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K48073202.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144435);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/23\");\n\n script_cve_id(\"CVE-2017-18551\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K48073202)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux\nkernel before 4.14.15. There is an out of bounds write in the function\ni2c_smbus_xfer_emulated. (CVE-2017-18551).\n\nImpact\n\nThis vulnerability may allow an attacker to overwrite memory beyond\nthe intended buffer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K48073202\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K48073202.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K48073202\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"15.1.3\",\"14.1.3.1\",\"13.1.3.6\",\"12.1.5.3\",\"11.6.5.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T15:03:18", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2104 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614)\n\n - kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c (CVE-2019-15538)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)\n\n - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2020:2104)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18551", "CVE-2017-18595", "CVE-2019-12614", "CVE-2019-15538", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19768", "CVE-2019-9454", "CVE-2020-10711", "CVE-2020-9383"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-2104.NASL", "href": "https://www.tenable.com/plugins/nessus/136496", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2104. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136496);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2019-9454\",\n \"CVE-2019-12614\",\n \"CVE-2019-15538\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19768\",\n \"CVE-2020-9383\",\n \"CVE-2020-10711\"\n );\n script_bugtraq_id(108550);\n script_xref(name:\"RHSA\", value:\"2020:2104\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2020:2104)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2104 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c\n (CVE-2017-18595)\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c\n causing denial of service (CVE-2019-12614)\n\n - kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c (CVE-2019-15538)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause\n kernel panic (CVE-2020-10711)\n\n - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1718176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1746777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1810685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1818818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-abi-whitelists package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18595\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19447\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 125, 400, 416, 476, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-18551', 'CVE-2017-18595', 'CVE-2019-9454', 'CVE-2019-12614', 'CVE-2019-15538', 'CVE-2019-19447', 'CVE-2019-19524', 'CVE-2019-19768', 'CVE-2020-9383', 'CVE-2020-10711');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:2104');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-abi-whitelists-4.14.0-115.21.2.el7a', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-abi-whitelists');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-03T14:15:17", "description": "The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5532 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5532)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15916"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5532.NASL", "href": "https://www.tenable.com/plugins/nessus/133663", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5532.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133663);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-15916\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5532)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-5532 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5532.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15916\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.319.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5532');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.319.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.319.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.319.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.319.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.319.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.319.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.319.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.319.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.319.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.319.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:52:49", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments.\n If the Maximum Segment Size (MSS) of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increases the Linux kernel's resource (CPU, Memory, and Bandwidth) utilization. A remote attacker could use this flaw to cause a denial of service (DoS) by repeatedly sending network traffic on a TCP connection with low TCP MSS.(CVE-2019-11479)An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource utilization to traverse and process these fragments as further SACK segments are received on the same TCP connection. A remote attacker could use this flaw to cause a denial of service (DoS) by sending a crafted sequence of SACK segments on a TCP connection.(CVE-2019-11478)An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS).(CVE-2019-11477)A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem.(CVE-2019-11833)** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.(CVE-2019-12382)Note1:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions in EulerOS Virtualization for ARM 64 3.0.2.0 return incorrect time information when executing the uname -a command.Note2: The kernel version number naming format has been changed after 4.19.36-1.2.184.aarch64, the new version format is 4.19.36-vhulk1907.1.0.hxxx.aarch64, which may lead to false positives of this security advisory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1702)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11833", "CVE-2019-12382"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1702.NASL", "href": "https://www.tenable.com/plugins/nessus/126544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126544);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11833\",\n \"CVE-2019-12382\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1702)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc. Security Fix(es):An excessive resource\n consumption flaw was found in the way the Linux\n kernel's networking subsystem processed TCP segments.\n If the Maximum Segment Size (MSS) of a TCP connection\n was set to low values, such as 48 bytes, it can leave\n as little as 8 bytes for the user data, which\n significantly increases the Linux kernel's resource\n (CPU, Memory, and Bandwidth) utilization. A remote\n attacker could use this flaw to cause a denial of\n service (DoS) by repeatedly sending network traffic on\n a TCP connection with low TCP MSS.(CVE-2019-11479)An\n excessive resource consumption flaw was found in the\n way the Linux kernel's networking subsystem processed\n TCP Selective Acknowledgment (SACK) segments. While\n processing SACK segments, the Linux kernel's socket\n buffer (SKB) data structure becomes fragmented, which\n leads to increased resource utilization to traverse and\n process these fragments as further SACK segments are\n received on the same TCP connection. A remote attacker\n could use this flaw to cause a denial of service (DoS)\n by sending a crafted sequence of SACK segments on a TCP\n connection.(CVE-2019-11478)An integer overflow flaw was\n found in the way the Linux kernel's networking\n subsystem processed TCP Selective Acknowledgment (SACK)\n segments. While processing SACK segments, the Linux\n kernel's socket buffer (SKB) data structure becomes\n fragmented. Each fragment is about TCP maximum segment\n size (MSS) bytes. To efficiently process SACK blocks,\n the Linux kernel merges multiple fragmented SKBs into\n one, potentially overflowing the variable holding the\n number of segments. A remote attacker could use this\n flaw to crash the Linux kernel by sending a crafted\n sequence of SACK segments on a TCP connection with\n small value of TCP MSS, resulting in a denial of\n service (DoS).(CVE-2019-11477)A flaw was found in the\n Linux kernel's implementation of ext4 extent\n management. The kernel doesn't correctly initialize\n memory regions in the extent tree block which may be\n exported to a local user to obtain sensitive\n information by reading empty/uninitialized data from\n the filesystem.(CVE-2019-11833)** DISPUTED ** An issue\n was discovered in drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c in the Linux kernel\n through 5.1.5. There is an unchecked kstrdup of fwstr,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a\n vulnerability because kstrdup() returning NULL is\n handled sufficiently and there is no chance for a NULL\n pointer dereference.(CVE-2019-12382)Note1:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions\n in EulerOS Virtualization for ARM 64 3.0.2.0 return\n incorrect time information when executing the uname -a\n command.Note2: The kernel version number naming format\n has been changed after 4.19.36-1.2.184.aarch64, the new\n version format is 4.19.36-vhulk1907.1.0.hxxx.aarch64,\n which may lead to false positives of this security\n advisory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1702\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c8f7a45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11833\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-1.2.184\",\n \"kernel-devel-4.19.36-1.2.184\",\n \"kernel-headers-4.19.36-1.2.184\",\n \"kernel-tools-4.19.36-1.2.184\",\n \"kernel-tools-libs-4.19.36-1.2.184\",\n \"kernel-tools-libs-devel-4.19.36-1.2.184\",\n \"perf-4.19.36-1.2.184\",\n \"python-perf-4.19.36-1.2.184\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:28:47", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2020-1.0-0279", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16233"], "modified": "2020-05-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0279_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/134040", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0279. The text\n# itself is copyright (C) VMware, Inc.\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134040);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/05\");\n\n script_cve_id(\"CVE-2019-16233\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2020-1.0-0279\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-279.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-debuginfo-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-dev-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-docs-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-esx-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-esx-debuginfo-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-sound-4.4.213-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-tools-4.4.213-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:33:57", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-26T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2020-2.0-0212", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16233"], "modified": "2020-05-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0212_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/134084", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0212. The text\n# itself is copyright (C) VMware, Inc.\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134084);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/05\");\n\n script_cve_id(\"CVE-2019-16233\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2020-2.0-0212\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-212.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.210-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-debuginfo-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-devel-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-docs-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-drivers-gpu-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-oprofile-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-sound-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-debuginfo-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-devel-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-docs-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-debuginfo-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-debuginfo-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-devel-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-docs-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-lkcm-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-sound-4.9.210-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-tools-4.9.210-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:39:22", "description": "The 4.15.4 update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-02-26T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2018-03a6606cb5)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000026"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-03A6606CB5.NASL", "href": "https://www.tenable.com/plugins/nessus/106987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-03a6606cb5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106987);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1000026\");\n script_xref(name:\"FEDORA\", value:\"2018-03a6606cb5\");\n\n script_name(english:\"Fedora 26 : kernel (2018-03a6606cb5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.15.4 update contains a number of important fixes across the\ntree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-03a6606cb5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1000026\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-03a6606cb5\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.15.4-200.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:39:02", "description": "The 4.15.4 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-02-26T00:00:00", "type": "nessus", "title": "Fedora 27 : kernel (2018-7a62047e30)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000026"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-7A62047E30.NASL", "href": "https://www.tenable.com/plugins/nessus/106989", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7a62047e30.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106989);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1000026\");\n script_xref(name:\"FEDORA\", value:\"2018-7a62047e30\");\n\n script_name(english:\"Fedora 27 : kernel (2018-7a62047e30)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.15.4 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7a62047e30\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1000026\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-7a62047e30\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.15.4-300.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-03-05T15:24:05", "description": "The 5.0.19 update contains a number of important fixes across the tree\n\n----\n\nThe 5.0.18 kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-48b34fc991)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11833"], "modified": "2020-01-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-48B34FC991.NASL", "href": "https://www.tenable.com/plugins/nessus/125684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-48b34fc991.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125684);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2019-11833\");\n script_xref(name:\"FEDORA\", value:\"2019-48b34fc991\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-48b34fc991)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.0.19 update contains a number of important fixes across the tree\n\n----\n\nThe 5.0.18 kernel update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-48b34fc991\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11833\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-48b34fc991\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-5.0.19-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-5.0.19-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-5.0.19-200.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T14:58:38", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nThe Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735\n\n - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251\n\nOther security fixes :\n\nCVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966)\n\nCVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967)\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2948-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-16233"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2948-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130948", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2948-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130948);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0154\", \"CVE-2019-0155\", \"CVE-2019-10220\", \"CVE-2019-11135\", \"CVE-2019-16233\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2948-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-12207: Untrusted virtual machines on Intel CPUs\n could exploit a race condition in the Instruction Fetch\n Unit of the Intel CPU to cause a Machine Exception\n during Page Size Change, causing the CPU core to be\n non-functional.\n\nThe Linux Kernel KVM hypervisor was adjusted to avoid page size\nchanges in executable pages by splitting / merging huge pages into\nsmall pages as needed. More information can be found on\nhttps://www.suse.com/support/kb/doc/?id=7023735\n\n - CVE-2019-11135: Aborting an asynchronous TSX operation\n on Intel CPUs with Transactional Memory support could be\n used to facilitate sidechannel information leaks out of\n microarchitectural buffers, similar to the previously\n described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX\noperation altogether (requiring CPU Microcode updates on older\nsystems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at\nhttps://www.suse.com/support/kb/doc/?id=7024251\n\nOther security fixes :\n\nCVE-2019-0154: Fixed a local denial of service via read of unprotected\ni915 registers. (bsc#1135966)\n\nCVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch\nbuffers from usermode could have escalated privileges via blitter\ncommand stream. (bsc#1135967)\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the\nalloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-0154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-0155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10220/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7024251\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?300d526a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-2948=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2948=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2948=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-2948=1\n\nSUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch\nSUSE-SLE-HA-12-SP4-2019-2948=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2948=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.12.14-95.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-4.12.14-95.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:17:08", "description": "The openSUSE Leap 15.1 was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic.\n (bsc#1137586).\n\n - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)\n\n - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.\n (bsc#1137586)\n\n - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291).\n\n - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).\n\n - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. (bnc#1136922)\n\n - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures (bnc#1136598).\n\n - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424).\n\n - CVE-2019-10124: An attacker could exploit an issue in the hwpoison implementation to cause a denial of service (BUG). (bsc#1130699)\n\n - CVE-2019-12382: In the drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1136586).\n\n - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bnc#1133190).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10124", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11487", "CVE-2019-12380", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-3846"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1571.NASL", "href": "https://www.tenable.com/plugins/nessus/126059", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1571.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126059);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-10124\",\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11487\",\n \"CVE-2019-12380\",\n \"CVE-2019-12382\",\n \"CVE-2019-12456\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\",\n \"CVE-2019-3846\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.1 was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-11477: A sequence of SACKs may have been\n crafted by a remote attacker such that one can trigger\n an integer overflow, leading to a kernel panic.\n (bsc#1137586).\n\n - CVE-2019-11478: It was possible to send a crafted\n sequence of SACKs which would fragment the TCP\n retransmission queue. A remote attacker may have been\n able to further exploit the fragmented queue to cause an\n expensive linked-list walk for subsequent SACKs received\n for that same TCP connection. (bsc#1137586)\n\n - CVE-2019-11479: It was possible to send a crafted\n sequence of SACKs which would fragment the RACK send\n map. A remote attacker may be able to further exploit\n the fragmented send map to cause an expensive\n linked-list walk for subsequent SACKs received for that\n same TCP connection. This would have resulted in excess\n resource consumption due to low mss values.\n (bsc#1137586)\n\n - CVE-2019-12819: The function __mdiobus_register() in\n drivers/net/phy/mdio_bus.c calls put_device(), which\n will trigger a fixed_mdio_bus_init use-after-free. This\n will cause a denial of service (bnc#1138291).\n\n - CVE-2019-12818: The nfc_llcp_build_tlv function in\n net/nfc/llcp_commands.c may return NULL. If the caller\n did not check for this, it will trigger a NULL pointer\n dereference. This will cause denial of service. This\n affects nfc_llcp_build_gb in net/nfc/llcp_core.c\n (bnc#1138293).\n\n - CVE-2019-12456: An issue was discovered in the\n MPT3COMMAND case in _ctl_ioctl_main in\n drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local\n users to cause a denial of service or possibly have\n unspecified other impact by changing the value of\n ioc_number between two kernel reads of that value, aka a\n 'double fetch' vulnerability. (bnc#1136922)\n\n - CVE-2019-12380: An issue was discovered in the efi\n subsystem in the Linux kernel\n phys_efi_set_virtual_address_map in\n arch/x86/platform/efi/efi.c and efi_call_phys_prolog in\n arch/x86/platform/efi/efi_64.c mishandle memory\n allocation failures (bnc#1136598).\n\n - CVE-2019-3846: A flaw that allowed an attacker to\n corrupt memory and possibly escalate privileges was\n found in the mwifiex kernel module while connecting to a\n malicious wireless network (bnc#1136424).\n\n - CVE-2019-10124: An attacker could exploit an issue in\n the hwpoison implementation to cause a denial of service\n (BUG). (bsc#1130699)\n\n - CVE-2019-12382: In the drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup\n of fwstr, which might allow an attacker to cause a\n denial of service (NULL pointer dereference and system\n crash) (bnc#1136586).\n\n - CVE-2019-11487: The Linux kernel allowed page->_refcount\n reference count overflow, with resultant use-after-free\n issues, if about 140 GiB of RAM exists. This is related\n to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h,\n kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests (bnc#1133190).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138375\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:17:08", "description": "Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic.\n (bsc#1137586).\n\n - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)\n\n - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.\n (bsc#1137586)\n\n - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291).\n\n - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).\n\n - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability (bnc#1136922).\n\n - CVE-2019-12380: phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures (bnc#1136598).\n\n - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bnc#1133190).\n\n - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424).\n\n - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c. There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1136586).\n\n - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281).\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11190, CVE-2019-11191: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat (bnc#1131543 bnc#1132374 bnc#1132472).\n\nThe following non-security bugs were fixed :\n\n - ALSA: line6: use dynamic buffers (bnc#1012382).\n\n - ARM: dts: pfla02: increase phy reset duration (bnc#1012382).\n\n - ARM: iop: do not use using 64-bit DMA masks (bnc#1012382).\n\n - ARM: orion: do not use using 64-bit DMA masks (bnc#1012382).\n\n - ASoC: cs4270: Set auto-increment bit for register writes (bnc#1012382).\n\n - ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012382).\n\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382).\n\n - ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382).\n\n - ath6kl: Only use match sets when firmware supports it (bsc#1120902).\n\n - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929)\n\n - bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382).\n\n - block: fix use-after-free on gendisk (bsc#1136448).\n\n - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382).\n\n - bnxt_en: Improve multicast address setup logic (bnc#1012382).\n\n - bonding: fix arp_validate toggling in active-backup mode (bnc#1012382).\n\n - bonding: show full hw address in sysfs for slave entries (bnc#1012382).\n\n - bpf: reject wrong sized filters earlier (bnc#1012382).\n\n - bridge: Fix error path for kobject_init_and_add() (bnc#1012382).\n\n - btrfs: add a helper to return a head ref (bsc#1134813).\n\n - btrfs: breakout empty head cleanup to a helper (bsc#1134813).\n\n - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Open-code process_func in\n __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: Factor out common delayed refs init code (bsc#1134813).\n\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n\n - btrfs: move all ref head cleanup to the helper function (bsc#1134813).\n\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n\n - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).\n\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).\n\n - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1134338).\n\n - btrfs: remove delayed_ref_node from ref_head (bsc#1134813).\n\n - btrfs: split delayed ref head initialization and addition (bsc#1134813).\n\n - btrfs: track refs in a rb_tree instead of a list (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).\n\n - cdc-acm: cleaning up debug in data submission path (bsc#1136539).\n\n - cdc-acm: fix race between reset and control messaging (bsc#1106110).\n\n - cdc-acm: handle read pipe errors (bsc#1135878).\n\n - cdc-acm: reassemble fragmented notifications (bsc#1136590).\n\n - cdc-acm: store in and out pipes in acm structure (bsc#1136575).\n\n - cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382).\n\n - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).\n\n - clk: fix mux clock documentation (bsc#1090888).\n\n - cpu/hotplug: Provide cpus_read|write_[un]lock() (bsc#1138374, LTC#178199).\n\n - cpu/hotplug: Provide lockdep_assert_cpus_held() (bsc#1138374, LTC#178199).\n\n - cpupower: remove stringop-truncation waring (bsc#1119086).\n\n - cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382 bsc#1112178).\n\n - crypto: vmx - CTR: always increment IV as quadword (bsc#1135661, bsc#1137162).\n\n - crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661, bsc#1137162).\n\n - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).\n\n - crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162).\n\n - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).\n\n - debugfs: fix use-after-free on symlink traversal (bnc#1012382).\n\n - Documentation: Add MDS vulnerability documentation (bnc#1012382).\n\n - Documentation: Add nospectre_v1 parameter (bnc#1012382).\n\n - Documentation: Correct the possible MDS sysfs values (bnc#1012382).\n\n - Documentation: Move L1TF to separate directory (bnc#1012382).\n\n - Do not jump to compute_result state from check_result state (bnc#1012382).\n\n - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl (bnc#1012382).\n\n - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl (bnc#1012382).\n\n - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929)\n\n - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929)\n\n - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to (bsc#1106929)\n\n - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1106929)\n\n - Drop multiversion(kernel) from the KMP template (bsc#1127155).\n\n - dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535).\n\n - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458).\n\n - ext4: actually request zeroing of inode table after grow (bsc#1136451).\n\n - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).\n\n - ext4: fix ext4_show_options for file systems w/o journal (bsc#1136452).\n\n - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449).\n\n - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1136623).\n\n - ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810).\n\n - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).\n\n - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382).\n\n - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).\n\n - genirq: Prevent use-after-free and work list corruption (bnc#1012382).\n\n - gpu: ipu-v3: dp: fix CSC handling (bnc#1012382).\n\n - HID: debug: fix race condition with between rdesc_show() and device removal (bnc#1012382).\n\n - HID: input: add mapping for Expose/Overview key (bnc#1012382).\n\n - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bnc#1012382).\n\n - hugetlbfs: fix memory leak for resv_map (bnc#1012382).\n\n - IB/hfi1: Eliminate opcode tests on mr deref ().\n\n - IB/hfi1: Unreserve a reserved request when it is completed ().\n\n - ibmvnic: Add device identification to requested IRQs (bsc#1137739).\n\n - ibmvnic: Do not close unopened driver during reset (bsc#1137752).\n\n - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).\n\n - ibmvnic: Refresh device multicast list after reset (bsc#1137752).\n\n - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).\n\n - IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace ().\n\n - IB/rdmavt: Fix frwr memory registration ().\n\n - igb: Fix WARN_ONCE on runtime suspend (bnc#1012382).\n\n - iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382).\n\n - init: initialize jump labels before command line option parsing (bnc#1012382).\n\n - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bnc#1012382).\n\n - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1135120).\n\n - ipv4: Fix raw socket lookup for local traffic (bnc#1012382).\n\n - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (bnc#1012382).\n\n - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (bnc#1012382).\n\n - ipv6: fix a potential deadlock in do_ipv6_setsockopt() (bnc#1012382).\n\n - ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382).\n\n - ipv6: invert flowlabel sharing check in process and user mode (bnc#1012382).\n\n - ipvs: do not schedule icmp errors from tunnels (bnc#1012382).\n\n - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).\n\n - jffs2: fix use-after-free on symlink traversal (bnc#1012382).\n\n - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).\n\n - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).\n\n - kbuild: simplify ld-option implementation (bnc#1012382).\n\n - kconfig: display recursive dependency resolution hint just once (bsc#1100132).\n\n - kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382).\n\n - keys: Timestamp new keys (bsc#1120902).\n\n - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number (bnc#1012382).\n\n - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (bnc#1012382).\n\n - libata: fix using DMA buffers on stack (bnc#1012382).\n\n - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n\n - libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382).\n\n - mac80211_hwsim: validate number of different channels (bsc#1085539).\n\n - media: pvrusb2: Prevent a buffer overflow (bsc#1135642).\n\n - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382).\n\n - MIPS: scall64-o32: Fix indirect syscall number load (bnc#1012382).\n\n - mount: copy the port field into the cloned nfs_server structure (bsc#1136990).\n\n - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).\n\n - net: ena: fix return value of ena_com_config_llq_info() (bsc#1117562).\n\n - net: ethernet: ti: fix possible object reference leak (bnc#1012382).\n\n - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (bnc#1012382).\n\n - netfilter: compat: initialize all fields in xt_init (bnc#1012382).\n\n - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON (bnc#1012382).\n\n - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bnc#1012382).\n\n - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bnc#1012382).\n\n - net: ibm: fix possible object reference leak (bnc#1012382).\n\n - net/ibmvnic: Remove tests of member address (bsc#1137739).\n\n - net: ks8851: Delay requesting IRQ until opened (bnc#1012382).\n\n - net: ks8851: Dequeue RX packets explicitly (bnc#1012382).\n\n - net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382).\n\n - net: ks8851: Set initial carrier state to down (bnc#1012382).\n\n - net: Remove NO_IRQ from powerpc-only network drivers (bsc#1137739).\n\n - net: stmmac: move stmmac_check_ether_addr() to driver probe (bnc#1012382).\n\n - net: ucc_geth - fix Oops when changing number of buffers in the ring (bnc#1012382).\n\n - net: xilinx: fix possible object reference leak (bnc#1012382).\n\n - nfsd: Do not release the callback slot unless it was actually held (bnc#1012382).\n\n - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (bnc#1012382).\n\n - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).\n\n - nvme: Do not allow to reset a reconnecting controller (bsc#1133874).\n\n - packet: Fix error path in packet_init (bnc#1012382).\n\n - packet: validate msg_namelen in send directly (bnc#1012382).\n\n - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142).\n\n - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1135642).\n\n - perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes).\n\n - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS (bnc#1012382).\n\n - platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382).\n\n - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382).\n\n - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bnc#1012382 bsc#1131107).\n\n - powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382).\n\n - powerpc/64s: Include cpu header (bnc#1012382).\n\n - powerpc/booke64: set RI in default MSR (bnc#1012382).\n\n - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).\n\n - powerpc/eeh: Fix race with driver un/bind (bsc#1066223).\n\n - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E (bnc#1012382).\n\n - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (bnc#1012382).\n\n - powerpc/fsl: Add infrastructure to fixup branch predictor flush (bnc#1012382).\n\n - powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382).\n\n - powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382).\n\n - powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382).\n\n - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used (bnc#1012382).\n\n - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' (bnc#1012382).\n\n - powerpc/fsl: Fix the flush of branch predictor (bnc#1012382).\n\n - powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382).\n\n - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) (bnc#1012382).\n\n - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) (bnc#1012382).\n\n - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms (bnc#1012382).\n\n - powerpc/fsl: Update Spectre v2 reporting (bnc#1012382).\n\n - powerpc/lib: fix book3s/32 boot failure due to code patching (bnc#1012382).\n\n - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043).\n\n - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043).\n\n - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).\n\n - powerpc/perf: Infrastructure to support addition of blacklisted events (bsc#1053043).\n\n - powerpc/process: Fix sparse address space warnings (bsc#1066223).\n\n - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).\n\n - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).\n\n - powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382).\n\n - qede: fix write to free'd pointer error and double free of ptp (bsc#1019695 bsc#1019696).\n\n - qlcnic: Avoid potential NULL pointer dereference (bnc#1012382).\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780 bsc#1005781).\n\n - RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1022604).\n\n - Revert 'block/loop: Use global lock for ioctl() operation.' (bnc#1012382).\n\n - Revert 'cpu/speculation: Add 'mitigations=' cmdline option' (stable backports).\n\n - Revert 'Do not jump to compute_result state from check_result state' (git-fixes).\n\n - Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).' This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19.\n\n - Revert 'sched: Add sched_smt_active()' (stable backports).\n\n - Revert 'x86/MCE: Save microcode revision in machine check records' (kabi).\n\n - Revert 'x86/speculation/mds: Add 'mitigations=' support for MDS' (stable backports).\n\n - Revert 'x86/speculation: Support 'mitigations=' cmdline option' (stable backports).\n\n - rtc: da9063: set uie_unsupported when relevant (bnc#1012382).\n\n - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382).\n\n - rtlwifi: fix false rates in\n _rtl8821ae_mrate_idx_to_arfr_id() (bsc#1120902).\n\n - s390/3270: fix lockdep false positive on view->lock (bnc#1012382).\n\n - s390: ctcm: fix ctcm_new_device error return code (bnc#1012382).\n\n - s390/dasd: Fix capacity calculation for large volumes (bnc#1012382).\n\n - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bnc#1012382).\n\n - sc16is7xx: move label 'err_spi' to correct section (git-fixes).\n\n - sched: Add sched_smt_active() (bnc#1012382).\n\n - sched/numa: Fix a possible divide-by-zero (bnc#1012382).\n\n - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (bnc#1012382).\n\n - scsi: libsas: fix a race condition when smp task timeout (bnc#1012382).\n\n - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bnc#1012382).\n\n - scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382).\n\n - scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382).\n\n - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (bnc#1012382).\n\n - selftests/net: correct the return value for run_netsocktests (bnc#1012382).\n\n - selinux: never allow relabeling on context mounts (bnc#1012382).\n\n - signals: avoid random wakeups in sigsuspend() (bsc#1137915)\n\n - slip: make slhc_free() silently accept an error pointer (bnc#1012382).\n\n - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bnc#1012382).\n\n - staging: iio: adt7316: fix the dac read calculation (bnc#1012382).\n\n - staging: iio: adt7316: fix the dac write calculation (bnc#1012382).\n\n - tcp: add tcp_min_snd_mss sysctl (bsc#1137586).\n\n - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).\n\n - tcp: limit payload size of sacked skbs (bsc#1137586).\n\n - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).\n\n - team: fix possible recursive locking when add slaves (bnc#1012382).\n\n - timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382).\n\n - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bnc#1012382).\n\n - tipc: check link name with right length in tipc_nl_compat_link_set (bnc#1012382).\n\n - tipc: handle the err returned from cmd header function (bnc#1012382).\n\n - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).\n\n - trace: Fix preempt_enable_no_resched() abuse (bnc#1012382).\n\n - tracing: Fix partial reading of trace event's id file (bsc#1136573).\n\n - treewide: Use DEVICE_ATTR_WO (bsc#1137739).\n\n - UAS: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770).\n\n - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1136455).\n\n - Update config files: disable IDE on ppc64le\n\n - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770).\n\n - usb: cdc-acm: fix unthrottle races (bsc#1135642).\n\n - usb: core: Fix bug caused by duplicate interface PM usage counter (bnc#1012382).\n\n - usb: core: Fix unterminated string returned by usb_string() (bnc#1012382).\n\n - usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012382).\n\n - usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382).\n\n - usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382).\n\n - usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382).\n\n - usbnet: ipheth: fix potential NULL pointer dereference in ipheth_carrier_set (bnc#1012382).\n\n - usbnet: ipheth: prevent TX queue timeouts when device not ready (bnc#1012382).\n\n - usb: serial: fix unthrottle races (bnc#1012382).\n\n - usb: serial: use variable for status (bnc#1012382).\n\n - usb: u132-hcd: fix resource leak (bnc#1012382).\n\n - usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382).\n\n - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bnc#1012382).\n\n - usb: yurex: Fix protection fault after device removal (bnc#1012382).\n\n - vfio/pci: use correct format characters (bnc#1012382).\n\n - vlan: disable SIOCSHWTSTAMP in container (bnc#1012382).\n\n - vrf: sit mtu should not be updated when vrf netdev is the link (bnc#1012382).\n\n - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).\n\n - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).\n\n - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382).\n\n - x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382).\n\n - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382).\n\n - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bnc#1012382).\n\n - x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382).\n\n - x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382).\n\n - x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382).\n\n - x86/MCE: Save microcode revision in machine check records (bnc#1012382).\n\n - x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382).\n\n - x86/microcode/intel: Add a helper which gives the microcode revision (bnc#1012382).\n\n - x86/microcode/intel: Check microcode revision before updating sibling threads (bnc#1012382).\n\n - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bnc#1012382).\n\n - x86/microcode: Update the new microcode revision unconditionally (bnc#1012382).\n\n - x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382).\n\n - x86/process: Consolidate and simplify switch_to_xtra() code (bnc#1012382).\n\n - x86/speculataion: Mark command line parser data\n __initdata (bnc#1012382).\n\n - x86/speculation: Add command line control for indirect branch speculation (bnc#1012382).\n\n - x86/speculation: Add prctl() control for indirect branch speculation (bnc#1012382).\n\n - x86/speculation: Add seccomp Spectre v2 user space protection mode (bnc#1012382).\n\n - x86/speculation: Avoid __switch_to_xtra() calls (bnc#1012382).\n\n - x86/speculation: Clean up spectre_v2_parse_cmdline() (bnc#1012382).\n\n - x86/speculation: Disable STIBP when enhanced IBRS is in use (bnc#1012382).\n\n - x86/speculation: Enable prctl mode for spectre_v2_user (bnc#1012382).\n\n - x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382).\n\n - x86/speculation: Mark string arrays const correctly (bnc#1012382).\n\n - x86/speculation/mds: Fix comment (bnc#1012382).\n\n - x86/speculation/mds: Fix documentation typo (bnc#1012382).\n\n - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bnc#1012382).\n\n - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bnc#1012382).\n\n - x86/speculation: Prepare for conditional IBPB in switch_mm() (bnc#1012382).\n\n - x86/speculation: Prepare for per task indirect branch speculation control (bnc#1012382).\n\n - x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382).\n\n - x86/speculation: Provide IBPB always command line options (bnc#1012382).\n\n - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation (bnc#1012382).\n\n - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bnc#1012382).\n\n - x86/speculation: Rename SSBD update functions (bnc#1012382).\n\n - x86/speculation: Reorder the spec_v2 code (bnc#1012382).\n\n - x86/speculation: Reorganize speculation control MSRs update (bnc#1012382).\n\n - x86/speculation: Split out TIF update (bnc#1012382).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382).\n\n - x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382 bsc#1112178).\n\n - x86/speculation: Unify conditional spectre v2 print functions (bnc#1012382).\n\n - x86/speculation: Update the TIF_SSBD comment (bnc#1012382).\n\n - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).\n\n - xsysace: Fix error handling in ace_setup (bnc#1012382).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4343", "CVE-2018-7191", "CVE-2019-11190", "CVE-2019-11191", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11487", "CVE-2019-11833", "CVE-2019-12380", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1570.NASL", "href": "https://www.tenable.com/plugins/nessus/126033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1570.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126033);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2013-4343\",\n \"CVE-2018-7191\",\n \"CVE-2019-11190\",\n \"CVE-2019-11191\",\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11487\",\n \"CVE-2019-11833\",\n \"CVE-2019-12380\",\n \"CVE-2019-12382\",\n \"CVE-2019-12456\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-11477: A sequence of SACKs may have been\n crafted by a remote attacker such that one can trigger\n an integer overflow, leading to a kernel panic.\n (bsc#1137586).\n\n - CVE-2019-11478: It was possible to send a crafted\n sequence of SACKs which would fragment the TCP\n retransmission queue. A remote attacker may have been\n able to further exploit the fragmented queue to cause an\n expensive linked-list walk for subsequent SACKs received\n for that same TCP connection. (bsc#1137586)\n\n - CVE-2019-11479: It was possible to send a crafted\n sequence of SACKs which would fragment the RACK send\n map. A remote attacker may be able to further exploit\n the fragmented send map to cause an expensive\n linked-list walk for subsequent SACKs received for that\n same TCP connection. This would have resulted in excess\n resource consumption due to low mss values.\n (bsc#1137586)\n\n - CVE-2019-12819: The function __mdiobus_register() in\n drivers/net/phy/mdio_bus.c calls put_device(), which\n will trigger a fixed_mdio_bus_init use-after-free. This\n will cause a denial of service (bnc#1138291).\n\n - CVE-2019-12818: The nfc_llcp_build_tlv function in\n net/nfc/llcp_commands.c may return NULL. If the caller\n did not check for this, it will trigger a NULL pointer\n dereference. This will cause denial of service. This\n affects nfc_llcp_build_gb in net/nfc/llcp_core.c\n (bnc#1138293).\n\n - CVE-2019-12456: An issue was discovered in the\n MPT3COMMAND case in _ctl_ioctl_main in\n drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local\n users to cause a denial of service or possibly have\n unspecified other impact by changing the value of\n ioc_number between two kernel reads of that value, aka a\n 'double fetch' vulnerability (bnc#1136922).\n\n - CVE-2019-12380: phys_efi_set_virtual_address_map in\n arch/x86/platform/efi/efi.c and efi_call_phys_prolog in\n arch/x86/platform/efi/efi_64.c mishandle memory\n allocation failures (bnc#1136598).\n\n - CVE-2019-11487: The Linux kernel allowed page->_refcount\n reference count overflow, with resultant use-after-free\n issues, if about 140 GiB of RAM exists. This is related\n to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h,\n kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests (bnc#1133190).\n\n - CVE-2019-3846: A flaw that allowed an attacker to\n corrupt memory and possibly escalate privileges was\n found in the mwifiex kernel module while connecting to a\n malicious wireless network (bnc#1136424).\n\n - CVE-2019-12382: An issue was discovered in\n drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c. There was an unchecked\n kstrdup of fwstr, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system\n crash) (bnc#1136586).\n\n - CVE-2019-5489: The mincore() implementation in\n mm/mincore.c allowed local attackers to observe page\n cache access patterns of other processes on the same\n system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server\n (bnc#1120843).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the\n unused memory region in the extent tree block, which\n might allow local users to obtain sensitive information\n by reading uninitialized data in the filesystem\n (bnc#1135281).\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name\n is not called before register_netdevice. This allowed\n local users to cause a denial of service (NULL pointer\n dereference and panic) via an ioctl(TUNSETIFF) call with\n a dev name containing a / character. This is similar to\n CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11190, CVE-2019-11191: The Linux kernel allowed\n local users to bypass ASLR on setuid programs (such as\n /bin/su) because install_exec_creds() is called too late\n in load_elf_binary() in fs/binfmt_elf.c, and thus the\n ptrace_may_access() check has a race condition when\n reading /proc/pid/stat (bnc#1131543 bnc#1132374\n bnc#1132472).\n\nThe following non-security bugs were fixed :\n\n - ALSA: line6: use dynamic buffers (bnc#1012382).\n\n - ARM: dts: pfla02: increase phy reset duration\n (bnc#1012382).\n\n - ARM: iop: do not use using 64-bit DMA masks\n (bnc#1012382).\n\n - ARM: orion: do not use using 64-bit DMA masks\n (bnc#1012382).\n\n - ASoC: cs4270: Set auto-increment bit for register writes\n (bnc#1012382).\n\n - ASoC: Intel: avoid Oops if DMA setup fails\n (bnc#1012382).\n\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case\n (bnc#1012382).\n\n - ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382).\n\n - ath6kl: Only use match sets when firmware supports it\n (bsc#1120902).\n\n - backlight: lm3630a: Return 0 on success in update_status\n functions (bsc#1106929)\n\n - bitops: avoid integer overflow in GENMASK(_ULL)\n (bnc#1012382).\n\n - block: fix use-after-free on gendisk (bsc#1136448).\n\n - bluetooth: Align minimum encryption key size for LE and\n BR/EDR connections (bnc#1012382).\n\n - bnxt_en: Improve multicast address setup logic\n (bnc#1012382).\n\n - bonding: fix arp_validate toggling in active-backup mode\n (bnc#1012382).\n\n - bonding: show full hw address in sysfs for slave entries\n (bnc#1012382).\n\n - bpf: reject wrong sized filters earlier (bnc#1012382).\n\n - bridge: Fix error path for kobject_init_and_add()\n (bnc#1012382).\n\n - btrfs: add a helper to return a head ref (bsc#1134813).\n\n - btrfs: breakout empty head cleanup to a helper\n (bsc#1134813).\n\n - btrfs: delayed-ref: Introduce better documented delayed\n ref structures (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor\n btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor\n btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: extent-tree: Fix a bug that btrfs is unable to\n add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Open-code process_func in\n __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n add_pinned_bytes() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n btrfs_free_extent() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: Factor out common delayed refs init code\n (bsc#1134813).\n\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n\n - btrfs: move all ref head cleanup to the helper function\n (bsc#1134813).\n\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n\n - btrfs: move ref_mod modification into the if (ref) logic\n (bsc#1134813).\n\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: qgroup: Check bg while resuming relocation to\n avoid NULL pointer dereference (bsc#1134806).\n\n - btrfs: qgroup: Do not scan leaf if we're modifying reloc\n tree (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: reloc: Also queue orphan reloc tree for cleanup\n to avoid BUG_ON() (bsc#1134338).\n\n - btrfs: remove delayed_ref_node from ref_head\n (bsc#1134813).\n\n - btrfs: split delayed ref head initialization and\n addition (bsc#1134813).\n\n - btrfs: track refs in a rb_tree instead of a list\n (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in\n add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in\n add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head\n (bsc#1134813).\n\n - cdc-acm: cleaning up debug in data submission path\n (bsc#1136539).\n\n - cdc-acm: fix race between reset and control messaging\n (bsc#1106110).\n\n - cdc-acm: handle read pipe errors (bsc#1135878).\n\n - cdc-acm: reassemble fragmented notifications\n (bsc#1136590).\n\n - cdc-acm: store in and out pipes in acm structure\n (bsc#1136575).\n\n - cifs: do not attempt cifs operation on smb2+ rename\n error (bnc#1012382).\n\n - cifs: keep FileInfo handle live during oplock break\n (bsc#1106284, bsc#1131565).\n\n - clk: fix mux clock documentation (bsc#1090888).\n\n - cpu/hotplug: Provide cpus_read|write_[un]lock()\n (bsc#1138374, LTC#178199).\n\n - cpu/hotplug: Provide lockdep_assert_cpus_held()\n (bsc#1138374, LTC#178199).\n\n - cpupower: remove stringop-truncation waring\n (bsc#1119086).\n\n - cpu/speculation: Add 'mitigations=' cmdline option\n (bnc#1012382 bsc#1112178).\n\n - crypto: vmx - CTR: always increment IV as quadword\n (bsc#1135661, bsc#1137162).\n\n - crypto: vmx - fix copy-paste error in CTR mode\n (bsc#1135661, bsc#1137162).\n\n - crypto: vmx - ghash: do nosimd fallback manually\n (bsc#1135661, bsc#1137162).\n\n - crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661,\n bsc#1137162).\n\n - crypto: vmx - return correct error code on failed setkey\n (bsc#1135661, bsc#1137162).\n\n - debugfs: fix use-after-free on symlink traversal\n (bnc#1012382).\n\n - Documentation: Add MDS vulnerability documentation\n (bnc#1012382).\n\n - Documentation: Add nospectre_v1 parameter (bnc#1012382).\n\n - Documentation: Correct the possible MDS sysfs values\n (bnc#1012382).\n\n - Documentation: Move L1TF to separate directory\n (bnc#1012382).\n\n - Do not jump to compute_result state from check_result\n state (bnc#1012382).\n\n - drivers/virt/fsl_hypervisor.c: dereferencing error\n pointers in ioctl (bnc#1012382).\n\n - drivers/virt/fsl_hypervisor.c: prevent integer overflow\n in ioctl (bnc#1012382).\n\n - drm/bridge: adv7511: Fix low refresh rate selection\n (bsc#1106929)\n\n - drm/rockchip: shutdown drm subsystem on shutdown\n (bsc#1106929)\n\n - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader()\n leading to (bsc#1106929)\n\n - drm/vmwgfx: NULL pointer dereference from\n vmw_cmd_dx_view_define() (bsc#1106929)\n\n - Drop multiversion(kernel) from the KMP template\n (bsc#1127155).\n\n - dt-bindings: rcar-dmac: Document missing error interrupt\n (bsc#1085535).\n\n - exportfs: fix 'passing zero to ERR_PTR()' warning\n (bsc#1136458).\n\n - ext4: actually request zeroing of inode table after grow\n (bsc#1136451).\n\n - ext4: avoid panic during forced reboot due to aborted\n journal (bsc#1126356).\n\n - ext4: fix ext4_show_options for file systems w/o journal\n (bsc#1136452).\n\n - ext4: fix use-after-free race with\n debug_want_extra_isize (bsc#1136449).\n\n - ext4: make sure enough credits are reserved for\n dioread_nolock writes (bsc#1136623).\n\n - ext4: Return EAGAIN in case of DIO is beyond end of file\n (bsc#1136810).\n\n - ext4: wait for outstanding dio during truncate in\n nojournal mode (bsc#1136438).\n\n - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference\n (bnc#1012382).\n\n - ftrace/x86_64: Emulate call function while updating in\n breakpoint handler (bsc#1099658).\n\n - genirq: Prevent use-after-free and work list corruption\n (bnc#1012382).\n\n - gpu: ipu-v3: dp: fix CSC handling (bnc#1012382).\n\n - HID: debug: fix race condition with between rdesc_show()\n and device removal (bnc#1012382).\n\n - HID: input: add mapping for Expose/Overview key\n (bnc#1012382).\n\n - HID: input: add mapping for keyboard Brightness\n Up/Down/Toggle keys (bnc#1012382).\n\n - hugetlbfs: fix memory leak for resv_map (bnc#1012382).\n\n - IB/hfi1: Eliminate opcode tests on mr deref ().\n\n - IB/hfi1: Unreserve a reserved request when it is\n completed ().\n\n - ibmvnic: Add device identification to requested IRQs\n (bsc#1137739).\n\n - ibmvnic: Do not close unopened driver during reset\n (bsc#1137752).\n\n - ibmvnic: Fix unchecked return codes of memory\n allocations (bsc#1137752).\n\n - ibmvnic: Refresh device multicast list after reset\n (bsc#1137752).\n\n - ibmvnic: remove set but not used variable 'netdev'\n (bsc#1137739).\n\n - IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace\n ().\n\n - IB/rdmavt: Fix frwr memory registration ().\n\n - igb: Fix WARN_ONCE on runtime suspend (bnc#1012382).\n\n - iio: adc: xilinx: fix potential use-after-free on remove\n (bnc#1012382).\n\n - init: initialize jump labels before command line option\n parsing (bnc#1012382).\n\n - Input: snvs_pwrkey - initialize necessary driver data\n before enabling IRQ (bnc#1012382).\n\n - ipmi:ssif: compare block number correctly for multi-part\n return messages (bsc#1135120).\n\n - ipv4: Fix raw socket lookup for local traffic\n (bnc#1012382).\n\n - ipv4: ip_do_fragment: Preserve skb_iif during\n fragmentation (bnc#1012382).\n\n - ipv4: set the tcp_min_rtt_wlen range from 0 to one day\n (bnc#1012382).\n\n - ipv6: fix a potential deadlock in do_ipv6_setsockopt()\n (bnc#1012382).\n\n - ipv6/flowlabel: wait rcu grace period before put_pid()\n (bnc#1012382).\n\n - ipv6: invert flowlabel sharing check in process and user\n mode (bnc#1012382).\n\n - ipvs: do not schedule icmp errors from tunnels\n (bnc#1012382).\n\n - iwiwifi: fix bad monitor buffer register addresses\n (bsc#1129770).\n\n - jffs2: fix use-after-free on symlink traversal\n (bnc#1012382).\n\n - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter\n (bsc#1137586).\n\n - kabi: move sysctl_tcp_min_snd_mss to preserve struct net\n layout (bsc#1137586).\n\n - kbuild: simplify ld-option implementation (bnc#1012382).\n\n - kconfig: display recursive dependency resolution hint\n just once (bsc#1100132).\n\n - kconfig/[mn]conf: handle backspace (^H) key\n (bnc#1012382).\n\n - keys: Timestamp new keys (bsc#1120902).\n\n - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception\n number (bnc#1012382).\n\n - KVM: x86: avoid misreporting level-triggered irqs as\n edge-triggered in tracing (bnc#1012382).\n\n - libata: fix using DMA buffers on stack (bnc#1012382).\n\n - libertas_tf: prevent underflow in process_cmdrequest()\n (bsc#1119086).\n\n - libnvdimm/btt: Fix a kmemdup failure check\n (bnc#1012382).\n\n - mac80211_hwsim: validate number of different channels\n (bsc#1085539).\n\n - media: pvrusb2: Prevent a buffer overflow (bsc#1135642).\n\n - media: v4l2: i2c: ov7670: Fix PLL bypass register values\n (bnc#1012382).\n\n - MIPS: scall64-o32: Fix indirect syscall number load\n (bnc#1012382).\n\n - mount: copy the port field into the cloned nfs_server\n structure (bsc#1136990).\n\n - mwifiex: Fix heap overflow in\n mwifiex_uap_parse_tail_ies() (bsc#1136935).\n\n - net: ena: fix return value of ena_com_config_llq_info()\n (bsc#1117562).\n\n - net: ethernet: ti: fix possible object reference leak\n (bnc#1012382).\n\n - netfilter: bridge: set skb transport_header before\n entering NF_INET_PRE_ROUTING (bnc#1012382).\n\n - netfilter: compat: initialize all fields in xt_init\n (bnc#1012382).\n\n - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON\n (bnc#1012382).\n\n - net: hns: Fix WARNING when remove HNS driver with SMMU\n enabled (bnc#1012382).\n\n - net: hns: Use NAPI_POLL_WEIGHT for hns driver\n (bnc#1012382).\n\n - net: ibm: fix possible object reference leak\n (bnc#1012382).\n\n - net/ibmvnic: Remove tests of member address\n (bsc#1137739).\n\n - net: ks8851: Delay requesting IRQ until opened\n (bnc#1012382).\n\n - net: ks8851: Dequeue RX packets explicitly\n (bnc#1012382).\n\n - net: ks8851: Reassert reset pin if chip ID check fails\n (bnc#1012382).\n\n - net: ks8851: Set initial carrier state to down\n (bnc#1012382).\n\n - net: Remove NO_IRQ from powerpc-only network drivers\n (bsc#1137739).\n\n - net: stmmac: move stmmac_check_ether_addr() to driver\n probe (bnc#1012382).\n\n - net: ucc_geth - fix Oops when changing number of buffers\n in the ring (bnc#1012382).\n\n - net: xilinx: fix possible object reference leak\n (bnc#1012382).\n\n - nfsd: Do not release the callback slot unless it was\n actually held (bnc#1012382).\n\n - NFS: Forbid setting AF_INET6 to 'struct\n sockaddr_in'->sin_family (bnc#1012382).\n\n - ntp: Allow TAI-UTC offset to be set to zero\n (bsc#1135642).\n\n - nvme: Do not allow to reset a reconnecting controller\n (bsc#1133874).\n\n - packet: Fix error path in packet_init (bnc#1012382).\n\n - packet: validate msg_namelen in send directly\n (bnc#1012382).\n\n - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken\n (bsc#1137142).\n\n - PCI: Mark Atheros AR9462 to avoid bus reset\n (bsc#1135642).\n\n - perf/x86/intel: Allow PEBS multi-entry in watermark mode\n (git-fixes).\n\n - perf/x86/intel: Fix handling of wakeup_events for\n multi-entry PEBS (bnc#1012382).\n\n - platform/x86: sony-laptop: Fix unintentional\n fall-through (bnc#1012382).\n\n - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382).\n\n - powerpc/64: Call setup_barrier_nospec() from\n setup_arch() (bnc#1012382 bsc#1131107).\n\n - powerpc/64: Make meltdown reporting Book3S 64 specific\n (bnc#1012382).\n\n - powerpc/64s: Include cpu header (bnc#1012382).\n\n - powerpc/booke64: set RI in default MSR (bnc#1012382).\n\n - powerpc/cacheinfo: add cacheinfo_teardown,\n cacheinfo_rebuild (bsc#1138374, LTC#178199).\n\n - powerpc/eeh: Fix race with driver un/bind (bsc#1066223).\n\n - powerpc/fsl: Add barrier_nospec implementation for NXP\n PowerPC Book3E (bnc#1012382).\n\n - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for\n nospectre_v2 boot arg (bnc#1012382).\n\n - powerpc/fsl: Add infrastructure to fixup branch\n predictor flush (bnc#1012382).\n\n - powerpc/fsl: Add macro to flush the branch predictor\n (bnc#1012382).\n\n - powerpc/fsl: Add nospectre_v2 command line argument\n (bnc#1012382).\n\n - powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382).\n\n - powerpc/fsl: Enable runtime patching if nospectre_v2\n boot arg is used (bnc#1012382).\n\n - powerpc/fsl: Fixed warning: orphan section\n `__btb_flush_fixup' (bnc#1012382).\n\n - powerpc/fsl: Fix the flush of branch predictor\n (bnc#1012382).\n\n - powerpc/fsl: Flush branch predictor when entering KVM\n (bnc#1012382).\n\n - powerpc/fsl: Flush the branch predictor at each kernel\n entry (32 bit) (bnc#1012382).\n\n - powerpc/fsl: Flush the branch predictor at each kernel\n entry (64bit) (bnc#1012382).\n\n - powerpc/fsl: Sanitize the syscall table for NXP PowerPC\n 32 bit platforms (bnc#1012382).\n\n - powerpc/fsl: Update Spectre v2 reporting (bnc#1012382).\n\n - powerpc/lib: fix book3s/32 boot failure due to code\n patching (bnc#1012382).\n\n - powerpc/perf: Add blacklisted events for Power9 DD2.1\n (bsc#1053043).\n\n - powerpc/perf: Add blacklisted events for Power9 DD2.2\n (bsc#1053043).\n\n - powerpc/perf: Fix MMCRA corruption by bhrb_filter\n (bsc#1053043).\n\n - powerpc/perf: Infrastructure to support addition of\n blacklisted events (bsc#1053043).\n\n - powerpc/process: Fix sparse address space warnings\n (bsc#1066223).\n\n - powerpc/pseries/mobility: prevent cpu hotplug during DT\n update (bsc#1138374, LTC#178199).\n\n - powerpc/pseries/mobility: rebuild cacheinfo hierarchy\n post-migration (bsc#1138374, LTC#178199).\n\n - powerpc/xmon: Add RFI flush related fields to paca dump\n (bnc#1012382).\n\n - qede: fix write to free'd pointer error and double free\n of ptp (bsc#1019695 bsc#1019696).\n\n - qlcnic: Avoid potential NULL pointer dereference\n (bnc#1012382).\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference\n (bsc#1005778 bsc#1005780 bsc#1005781).\n\n - RDMA/qedr: Fix out of bounds index check in query pkey\n (bsc#1022604).\n\n - Revert 'block/loop: Use global lock for ioctl()\n operation.' (bnc#1012382).\n\n - Revert 'cpu/speculation: Add 'mitigations=' cmdline\n option' (stable backports).\n\n - Revert 'Do not jump to compute_result state from\n check_result state' (git-fixes).\n\n - Revert 'KMPs: obsolete older KMPs of the same flavour\n (bsc#1127155, bsc#1109137).' This reverts commit\n 4cc83da426b53d47f1fde9328112364eab1e9a19.\n\n - Revert 'sched: Add sched_smt_active()' (stable\n backports).\n\n - Revert 'x86/MCE: Save microcode revision in machine\n check records' (kabi).\n\n - Revert 'x86/speculation/mds: Add 'mitigations=' support\n for MDS' (stable backports).\n\n - Revert 'x86/speculation: Support 'mitigations=' cmdline\n option' (stable backports).\n\n - rtc: da9063: set uie_unsupported when relevant\n (bnc#1012382).\n\n - rtc: sh: Fix invalid alarm warning for non-enabled alarm\n (bnc#1012382).\n\n - rtlwifi: fix false rates in\n _rtl8821ae_mrate_idx_to_arfr_id() (bsc#1120902).\n\n - s390/3270: fix lockdep false positive on view->lock\n (bnc#1012382).\n\n - s390: ctcm: fix ctcm_new_device error return code\n (bnc#1012382).\n\n - s390/dasd: Fix capacity calculation for large volumes\n (bnc#1012382).\n\n - sc16is7xx: missing unregister/delete driver on error in\n sc16is7xx_init() (bnc#1012382).\n\n - sc16is7xx: move label 'err_spi' to correct section\n (git-fixes).\n\n - sched: Add sched_smt_active() (bnc#1012382).\n\n - sched/numa: Fix a possible divide-by-zero (bnc#1012382).\n\n - scsi: csiostor: fix missing data copy in\n csio_scsi_err_handler() (bnc#1012382).\n\n - scsi: libsas: fix a race condition when smp task timeout\n (bnc#1012382).\n\n - scsi: qla2xxx: Fix incorrect region-size setting in\n optrom SYSFS routines (bnc#1012382).\n\n - scsi: qla4xxx: fix a potential NULL pointer dereference\n (bnc#1012382).\n\n - scsi: storvsc: Fix calculation of sub-channel count\n (bnc#1012382).\n\n - scsi: zfcp: reduce flood of fcrscn1 trace records on\n multi-element RSCN (bnc#1012382).\n\n - selftests/net: correct the return value for\n run_netsocktests (bnc#1012382).\n\n - selinux: never allow relabeling on context mounts\n (bnc#1012382).\n\n - signals: avoid random wakeups in sigsuspend()\n (bsc#1137915)\n\n - slip: make slhc_free() silently accept an error pointer\n (bnc#1012382).\n\n - staging: iio: adt7316: allow adt751x to use internal\n vref for all dacs (bnc#1012382).\n\n - staging: iio: adt7316: fix the dac read calculation\n (bnc#1012382).\n\n - staging: iio: adt7316: fix the dac write calculation\n (bnc#1012382).\n\n - tcp: add tcp_min_snd_mss sysctl (bsc#1137586).\n\n - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()\n (bsc#1137586).\n\n - tcp: limit payload size of sacked skbs (bsc#1137586).\n\n - tcp: tcp_fragment() should apply sane memory limits\n (bsc#1137586).\n\n - team: fix possible recursive locking when add slaves\n (bnc#1012382).\n\n - timer/debug: Change /proc/timer_stats from 0644 to 0600\n (bnc#1012382).\n\n - tipc: check bearer name with right length in\n tipc_nl_compat_bearer_enable (bnc#1012382).\n\n - tipc: check link name with right length in\n tipc_nl_compat_link_set (bnc#1012382).\n\n - tipc: handle the err returned from cmd header function\n (bnc#1012382).\n\n - tools lib traceevent: Fix missing equality check for\n strcmp (bsc#1129770).\n\n - trace: Fix preempt_enable_no_resched() abuse\n (bnc#1012382).\n\n - tracing: Fix partial reading of trace event's id file\n (bsc#1136573).\n\n - treewide: Use DEVICE_ATTR_WO (bsc#1137739).\n\n - UAS: fix alignment of scatter/gather segments\n (bnc#1012382 bsc#1129770).\n\n - ufs: fix braino in ufs_get_inode_gid() for solaris UFS\n flavour (bsc#1136455).\n\n - Update config files: disable IDE on ppc64le\n\n - usb: cdc-acm: fix race during wakeup blocking TX traffic\n (bsc#1129770).\n\n - usb: cdc-acm: fix unthrottle races (bsc#1135642).\n\n - usb: core: Fix bug caused by duplicate interface PM\n usage counter (bnc#1012382).\n\n - usb: core: Fix unterminated string returned by\n usb_string() (bnc#1012382).\n\n - usb: dwc3: Fix default lpm_nyet_threshold value\n (bnc#1012382).\n\n - usb: gadget: net2272: Fix net2272_dequeue()\n (bnc#1012382).\n\n - usb: gadget: net2280: Fix net2280_dequeue()\n (bnc#1012382).\n\n - usb: gadget: net2280: Fix overrun of OUT messages\n (bnc#1012382).\n\n - usbnet: ipheth: fix potential NULL pointer dereference\n in ipheth_carrier_set (bnc#1012382).\n\n - usbnet: ipheth: prevent TX queue timeouts when device\n not ready (bnc#1012382).\n\n - usb: serial: fix unthrottle races (bnc#1012382).\n\n - usb: serial: use variable for status (bnc#1012382).\n\n - usb: u132-hcd: fix resource leak (bnc#1012382).\n\n - usb: usbip: fix isoc packet num validation in get_pipe\n (bnc#1012382).\n\n - usb: w1 ds2490: Fix bug caused by improper use of\n altsetting array (bnc#1012382).\n\n - usb: yurex: Fix protection fault after device removal\n (bnc#1012382).\n\n - vfio/pci: use correct format characters (bnc#1012382).\n\n - vlan: disable SIOCSHWTSTAMP in container (bnc#1012382).\n\n - vrf: sit mtu should not be updated when vrf netdev is\n the link (bnc#1012382).\n\n - x86_64: Add gap to int3 to allow for call emulation\n (bsc#1099658).\n\n - x86_64: Allow breakpoints to emulate call instructions\n (bsc#1099658).\n\n - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382).\n\n - x86/bugs: Change L1TF mitigation string to match\n upstream (bnc#1012382).\n\n - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR\n (bnc#1012382).\n\n - x86/bugs: Switch the selection of mitigation from CPU\n vendor to CPU features (bnc#1012382).\n\n - x86/cpu/bugs: Use __initconst for 'const' init data\n (bnc#1012382).\n\n - x86/cpufeatures: Hide AMD-specific speculation flags\n (bnc#1012382).\n\n - x86/Kconfig: Select SCHED_SMT if SMP enabled\n (bnc#1012382).\n\n - x86/MCE: Save microcode revision in machine check\n records (bnc#1012382).\n\n - x86/mds: Add MDSUM variant to the MDS documentation\n (bnc#1012382).\n\n - x86/microcode/intel: Add a helper which gives the\n microcode revision (bnc#1012382).\n\n - x86/microcode/intel: Check microcode revision before\n updating sibling threads (bnc#1012382).\n\n - x86/microcode: Make sure boot_cpu_data.microcode is\n up-to-date (bnc#1012382).\n\n - x86/microcode: Update the new microcode revision\n unconditionally (bnc#1012382).\n\n - x86/mm: Use WRITE_ONCE() when setting PTEs\n (bnc#1012382).\n\n - x86/process: Consolidate and simplify switch_to_xtra()\n code (bnc#1012382).\n\n - x86/speculataion: Mark command line parser data\n __initdata (bnc#1012382).\n\n - x86/speculation: Add command line control for indirect\n branch speculation (bnc#1012382).\n\n - x86/speculation: Add prctl() control for indirect branch\n speculation (bnc#1012382).\n\n - x86/speculation: Add seccomp Spectre v2 user space\n protection mode (bnc#1012382).\n\n - x86/speculation: Avoid __switch_to_xtra() calls\n (bnc#1012382).\n\n - x86/speculation: Clean up spectre_v2_parse_cmdline()\n (bnc#1012382).\n\n - x86/speculation: Disable STIBP when enhanced IBRS is in\n use (bnc#1012382).\n\n - x86/speculation: Enable prctl mode for spectre_v2_user\n (bnc#1012382).\n\n - x86/speculation/l1tf: Document l1tf in sysfs\n (bnc#1012382).\n\n - x86/speculation: Mark string arrays const correctly\n (bnc#1012382).\n\n - x86/speculation/mds: Fix comment (bnc#1012382).\n\n - x86/speculation/mds: Fix documentation typo\n (bnc#1012382).\n\n - x86/speculation: Move STIPB/IBPB string conditionals out\n of cpu_show_common() (bnc#1012382).\n\n - x86/speculation: Prepare arch_smt_update() for PRCTL\n mode (bnc#1012382).\n\n - x86/speculation: Prepare for conditional IBPB in\n switch_mm() (bnc#1012382).\n\n - x86/speculation: Prepare for per task indirect branch\n speculation control (bnc#1012382).\n\n - x86/speculation: Prevent stale SPEC_CTRL msr content\n (bnc#1012382).\n\n - x86/speculation: Provide IBPB always command line\n options (bnc#1012382).\n\n - x86/speculation: Remove SPECTRE_V2_IBRS in enum\n spectre_v2_mitigation (bnc#1012382).\n\n - x86/speculation: Remove unnecessary ret variable in\n cpu_show_common() (bnc#1012382).\n\n - x86/speculation: Rename SSBD update functions\n (bnc#1012382).\n\n - x86/speculation: Reorder the spec_v2 code (bnc#1012382).\n\n - x86/speculation: Reorganize speculation control MSRs\n update (bnc#1012382).\n\n - x86/speculation: Split out TIF update (bnc#1012382).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs\n (bnc#1012382).\n\n - x86/speculation: Support 'mitigations=' cmdline option\n (bnc#1012382 bsc#1112178).\n\n - x86/speculation: Unify conditional spectre v2 print\n functions (bnc#1012382).\n\n - x86/speculation: Update the TIF_SSBD comment\n (bnc#1012382).\n\n - xenbus: drop useless LIST_HEAD in xenbus_write_watch()\n and xenbus_file_write() (bsc#1065600).\n\n - xsysace: Fix error handling in ace_setup (bnc#1012382).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.180-102.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.180-102.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:17:08", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic.\n (bsc#1137586).\n\n - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)\n\n - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.\n (bsc#1137586)\n\n - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291).\n\n - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).\n\n - CVE-2019-12456: local users could cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability.\n (bnc#1136922)\n\n - CVE-2019-12380: phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures (bnc#1136598).\n\n - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424).\n\n - CVE-2019-10124: An attacker could exploit an issue in the hwpoison implementation to cause a denial of service (BUG). (bsc#1130699)\n\n - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c. There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1136586).\n\n - CVE-2019-11487: The Linux kernel before 5.1-rc5 allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists.\n This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bnc#1133190).\n\n - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281).\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135278).\n\nThe following non-security bugs were fixed :\n\n - 9p locks: add mount option for lock retry interval (bsc#1051510).\n\n - ACPI: Add Hygon Dhyana support ().\n\n - ACPI: button: reinitialize button state upon resume (bsc#1051510).\n\n - ACPICA: AML interpreter: add region addresses in global list during initialization (bsc#1051510).\n\n - ACPICA: Namespace: remove address node from global list after method termination (bsc#1051510).\n\n - ACPI: fix menuconfig presentation of ACPI submenu (bsc#1117158).\n\n - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510).\n\n - ACPI / utils: Drop reference in test for device presence (bsc#1051510).\n\n - ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).\n\n - ALSA: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).\n\n - ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510).\n\n - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510).\n\n - ALSA: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510).\n\n - ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510).\n\n - ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510).\n\n - ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510).\n\n - ALSA: hda - Use a macro for snd_array iteration loops (bsc#1051510).\n\n - ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).\n\n - appletalk: Fix compile regression (bsc#1051510).\n\n - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).\n\n - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).\n\n - arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158).\n\n - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).\n\n - arm64: fix ACPI dependencies (bsc#1117158).\n\n - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158).\n\n - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_ACPI\n\n - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).\n\n - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510).\n\n - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).\n\n - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).\n\n - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).\n\n - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510).\n\n - arm: iop: do not use using 64-bit DMA masks (bsc#1051510).\n\n - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510).\n\n - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510).\n\n - arm: orion: do not use using 64-bit DMA masks (bsc#1051510).\n\n - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).\n\n - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).\n\n - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510).\n\n - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).\n\n - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510).\n\n - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).\n\n - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510).\n\n - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510).\n\n - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510).\n\n - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510).\n\n - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510).\n\n - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).\n\n - block: do not leak memory in bio_copy_user_iov() (bsc#1135309).\n\n - block: Do not revalidate bdev of hidden gendisk (bsc#1120091).\n\n - block: fix the return errno for direct IO (bsc#1135320).\n\n - block: fix use-after-free on gendisk (bsc#1135312).\n\n - Bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556).\n\n - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242).\n\n - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04).\n\n - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10).\n\n - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).\n\n - bonding: fix event handling for stacked bonds (networking-stable-19_04_19).\n\n - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647).\n\n - bpf: Add missed newline in verifier verbose log (bsc#1056787).\n\n - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647).\n\n - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510).\n\n - brcmfmac: fix missing checks for kmemdup (bsc#1051510).\n\n - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510).\n\n - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510).\n\n - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758).\n\n - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881).\n\n - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151).\n\n - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477).\n\n - btrfs: fix race updating log root item during fsync (bsc#1137153).\n\n - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152).\n\n - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454).\n\n - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).\n\n - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612).\n\n - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).\n\n - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478).\n\n - chardev: add additional check for minor range overlap (bsc#1051510).\n\n - CIFS: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).\n\n - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510).\n\n - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510).\n\n - cpufreq: Add Hygon Dhyana support ().\n\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().\n\n - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510).\n\n - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).\n\n - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).\n\n - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).\n\n - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).\n\n - dccp: Fix memleak in __feat_register_sp (bsc#1051510).\n\n - debugfs: fix use-after-free on symlink traversal (bsc#1051510).\n\n - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).\n\n - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).\n\n - Documentation: Add MDS vulnerability documentation (bsc#1135642).\n\n - Documentation: Correct the possible MDS sysfs values (bsc#1135642).\n\n - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).\n\n - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510).\n\n - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).\n\n - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510).\n\n - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158).\n\n - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510).\n\n - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).\n\n - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510).\n\n - drm/etnaviv: lock MMU while dumping core (bsc#1113722)\n\n - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510).\n\n - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).\n\n - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).\n\n - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510).\n\n - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722)\n\n - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510).\n\n - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722)\n\n - drm/i915/gvt: refine ggtt range validation (bsc#1113722)\n\n - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722)\n\n - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).\n\n - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).\n\n - drm/imx: do not skip DP channel disable for background plane (bsc#1051510).\n\n - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510).\n\n - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722)\n\n - drm/radeon: prefer lower reference dividers (bsc#1051510).\n\n - drm/rockchip: fix for mailbox read validation (bsc#1051510).\n\n - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510).\n\n - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510).\n\n - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722)\n\n - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510).\n\n - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).\n\n - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).\n\n - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535).\n\n - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).\n\n - EDAC, amd64: Add Hygon Dhyana support ().\n\n - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158).\n\n - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158).\n\n - efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).\n\n - efi/arm: libstub: add a root memreserve config table (bsc#1117158).\n\n - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158).\n\n - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158).\n\n - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158).\n\n - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).\n\n - efi: honour memory reservations passed via a linux specific config table (bsc#1117158).\n\n - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158).\n\n - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158).\n\n - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158).\n\n - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158).\n\n - ext4: actually request zeroing of inode table after grow (bsc#1135315).\n\n - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).\n\n - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428).\n\n - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).\n\n - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).\n\n - ext4: make sanity check in mballoc more strict (bsc#1136439).\n\n - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).\n\n - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510).\n\n - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)\n\n - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)\n\n - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).\n\n - fix rtnh_ok() (git-fixes).\n\n - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432).\n\n - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435).\n\n - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).\n\n - fuse: fallocate: fix return with locked inode (bsc#1051510).\n\n - fuse: fix writepages on 32bit (bsc#1051510).\n\n - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).\n\n - genetlink: Fix a memory leak on error path (networking-stable-19_03_28).\n\n - gpio: fix gpio-adp5588 build errors (bsc#1051510).\n\n - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510).\n\n - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).\n\n - HID: input: add mapping for Expose/Overview key (bsc#1051510).\n\n - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).\n\n - HID: input: add mapping for 'Toggle Display' key (bsc#1051510).\n\n - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429).\n\n - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510).\n\n - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510).\n\n - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510).\n\n - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).\n\n - HID: wacom: Add support for Pro Pen slim (bsc#1051510).\n\n - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).\n\n - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510).\n\n - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510).\n\n - HID: wacom: Do not set tool type until we're in range (bsc#1051510).\n\n - HID: wacom: fix mistake in printk (bsc#1051510).\n\n - HID: wacom: generic: add the 'Report Valid' usage (bsc#1051510).\n\n - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).\n\n - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).\n\n - HID: wacom: generic: Refactor generic battery handling (bsc#1051510).\n\n - HID: wacom: generic: Report AES battery information (bsc#1051510).\n\n - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).\n\n - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).\n\n - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).\n\n - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510).\n\n - HID: wacom: generic: Support multiple tools per report (bsc#1051510).\n\n - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510).\n\n - HID: wacom: Mark expected switch fall-through (bsc#1051510).\n\n - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).\n\n - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510).\n\n - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510).\n\n - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).\n\n - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).\n\n - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510).\n\n - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510).\n\n - HID: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510).\n\n - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).\n\n - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).\n\n - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).\n\n - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).\n\n - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510).\n\n - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510).\n\n - hwrng: omap - Set default quality (bsc#1051510).\n\n - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).\n\n - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331).\n\n - ibmvnic: Add device identification to requested IRQs (bsc#1137739).\n\n - ibmvnic: Do not close unopened driver during reset (bsc#1137752).\n\n - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).\n\n - ibmvnic: Refresh device multicast list after reset (bsc#1137752).\n\n - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).\n\n - igmp: fix incorrect unsolicit report count when join group (git-fixes).\n\n - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).\n\n - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510).\n\n - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510).\n\n - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).\n\n - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503).\n\n - inetpeer: fix uninit-value in inet_getpeer (git-fixes).\n\n - Input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).\n\n - Input: synaptics-rmi4 - fix possible double free (bsc#1051510).\n\n - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158).\n\n - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671).\n\n - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes).\n\n - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10).\n\n - ipconfig: Correctly initialise ic_nameservers (bsc#1051510).\n\n - ip_gre: fix parsing gre header in ipgre_err (git-fixes).\n\n - ip_tunnel: Fix name string concatenate in\n __ip_tunnel_create() (git-fixes).\n\n - ipv4: add sanity checks in ipv4_link_failure() (git-fixes).\n\n - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes).\n\n - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19).\n\n - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04).\n\n - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19).\n\n - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30).\n\n - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).\n\n - ipv6: fix cleanup ordering for pingv6 registration (git-fixes).\n\n - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).\n\n - ipv6: invert flowlabel sharing check in process and user mode (git-fixes).\n\n - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).\n\n - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).\n\n - ipvlan: fix ipv6 outbound device (bsc#1051510).\n\n - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).\n\n - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).\n\n - ipvs: fix buffer overflow with sync daemon and service (git-fixes).\n\n - ipvs: fix check on xmit to non-local addresses (git-fixes).\n\n - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).\n\n - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).\n\n - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).\n\n - ipvs: fix stats update from local clients (git-fixes).\n\n - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).\n\n - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510).\n\n - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).\n\n - jbd2: check superblock mapped prior to committing (bsc#1136430).\n\n - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).\n\n - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).\n\n - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).\n\n - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510).\n\n - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).\n\n - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes).\n\n - keys: safe concurrent user->(session,uid)_keyring access (bsc#1135642).\n\n - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078).\n\n - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840).\n\n - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840).\n\n - KVM: PPC: Remove redundand permission bits removal (bsc#1061840).\n\n - KVM: PPC: Validate all tces before updating tables (bsc#1061840).\n\n - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840).\n\n - KVM: s390: fix memory overwrites when not using SCA entries (bsc#1136206).\n\n - KVM: s390: provide io interrupt kvm_stat (bsc#1136206).\n\n - KVM: s390: use created_vcpus in more places (bsc#1136206).\n\n - KVM: s390: vsie: fix < 8k check for the itdba (bsc#1136206).\n\n - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).\n\n - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).\n\n - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).\n\n - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).\n\n - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).\n\n - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510).\n\n - leds: avoid flush_work in atomic context (bsc#1051510).\n\n - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).\n\n - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).\n\n - livepatch: Remove custom kobject state handling (bsc#1071995).\n\n - livepatch: Remove duplicated code for early initialization (bsc#1071995).\n\n - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).\n\n - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).\n\n - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).\n\n - mac80211: fix unaligned access in mesh table hash function (bsc#1051510).\n\n - mac8390: Fix mmio access size probe (bsc#1051510).\n\n - MD: fix invalid stored role for a disk (bsc#1051510).\n\n - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).\n\n - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510).\n\n - media: au0828: stop video streaming only when last user stops (bsc#1051510).\n\n - media: coda: clear error return value before picture run (bsc#1051510).\n\n - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).\n\n - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).\n\n - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510).\n\n - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510).\n\n - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).\n\n - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510).\n\n - media: saa7146: avoid high stack usage with clang (bsc#1051510).\n\n - media: smsusb: better handle optional alignment (bsc#1051510).\n\n - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510).\n\n - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).\n\n - memcg: make it work on sparse non-0-node systems (bnc#1133616).\n\n - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).\n\n - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510).\n\n - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).\n\n - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).\n\n - mfd: tps65912-spi: Add missing of table registration (bsc#1051510).\n\n - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).\n\n - mISDN: Check address length before reading address family (bsc#1051510).\n\n - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30).\n\n - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).\n\n - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).\n\n - mmc: core: Verify SD bus width (bsc#1051510).\n\n - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).\n\n - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).\n\n - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).\n\n - mmc_spi: add a status check for spi_sync_locked (bsc#1051510).\n\n - mm-Fix-modifying-of-page-protection-by-insert_pfn.patch:\n Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)\n\n - mm/huge_memory: fix vmf_insert_pfn_(pmd, pud)() crash, handle unaligned addresses (bsc#1135330).\n\n - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).\n\n - mount: copy the port field into the cloned nfs_server structure (bsc#1136990).\n\n - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).\n\n - mwifiex: Fix possible buffer overflows at parsing bss descriptor\n\n - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).\n\n - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).\n\n - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19).\n\n - net: do not keep lonely packets forever in the gro hash (git-fixes).\n\n - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04).\n\n - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes).\n\n - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).\n\n - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).\n\n - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).\n\n - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes).\n\n - netfilter: ebtables: handle string from userspace with care (git-fixes).\n\n - netfilter: ebtables: reject non-bridge targets (git-fixes).\n\n - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes).\n\n - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes).\n\n - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).\n\n - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes).\n\n - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes).\n\n - netfilter: nf_tables: fix leaking object reference count (git-fixes).\n\n - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes).\n\n - netfilter: nf_tables: release chain in flushing set (git-fixes).\n\n - netfilter: nft_compat: do not dump private area (git-fixes).\n\n - netfilter: x_tables: initialise match/target check parameter struct (git-fixes).\n\n - net: Fix a bug in removing queues from XPS map (git-fixes).\n\n - net: fix uninit-value in __hw_addr_add_ex() (git-fixes).\n\n - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19).\n\n - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).\n\n - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).\n\n - net/ibmvnic: Remove tests of member address (bsc#1137739).\n\n - net: initialize skb->peeked when cloning (git-fixes).\n\n - net/ipv4: defensive cipso option parsing (git-fixes).\n\n - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).\n\n - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).\n\n - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).\n\n - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).\n\n - netlink: fix uninit-value in netlink_sendmsg (git-fixes).\n\n - net: make skb_partial_csum_set() more robust against overflows (git-fixes).\n\n - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).\n\n - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).\n\n - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30).\n\n - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10).\n\n - net/mlx5e: Fix trailing semicolon (bsc#1075020).\n\n - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).\n\n - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04).\n\n - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).\n\n - net: rose: fix a possible stack overflow (networking-stable-19_03_28).\n\n - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30).\n\n - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).\n\n - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129).\n\n - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).\n\n - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).\n\n - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28).\n\n - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30).\n\n - net: test tailroom before appending to linear skb (git-fixes).\n\n - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19).\n\n - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).\n\n - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).\n\n - net: use indirect call wrappers at GRO network layer (bsc#1124503).\n\n - net: use indirect call wrappers at GRO transport layer (bsc#1124503).\n\n - NFS add module option to limit NFSv4 minor version (jsc#PM-231).\n\n - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510).\n\n - nvme: Do not remove namespaces during reset (bsc#1131673).\n\n - nvme: flush scan_work when resetting controller (bsc#1131673).\n\n - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).\n\n - nvmem: core: fix read buffer in place (bsc#1051510).\n\n - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).\n\n - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510).\n\n - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).\n\n - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).\n\n - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).\n\n - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).\n\n - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).\n\n - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).\n\n - nvmem: imx-ocotp: Update module description (bsc#1051510).\n\n - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).\n\n - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423).\n\n - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432).\n\n - objtool: Fix function fallthrough detection (bsc#1058115).\n\n - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).\n\n - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).\n\n - p54: drop device reference count if fails to enable device (bsc#1135642).\n\n - packet: fix reserve calculation (git-fixes).\n\n - packet: in packet_snd start writing at link layer allocation (git-fixes).\n\n - packet: refine ring v3 block size test to hold one frame (git-fixes).\n\n - packet: reset network header if packet shorter than ll reserved space (git-fixes).\n\n - packets: Always register packet sk in the same order (networking-stable-19_03_28).\n\n - parport: Fix mem leak in parport_register_dev_model (bsc#1051510).\n\n - PCI: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes).\n\n - PCI: Factor out pcie_retrain_link() function (git-fixes).\n\n - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).\n\n - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).\n\n - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).\n\n - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum (git-fixes).\n\n - perf tools: Add Hygon Dhyana support ().\n\n - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510).\n\n - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).\n\n - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510).\n\n - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510).\n\n - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).\n\n - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729).\n\n - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).\n\n - powerpc/eeh: Fix race with driver un/bind (bsc#1065729).\n\n - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).\n\n - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).\n\n - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).\n\n - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).\n\n - powerpc/process: Fix sparse address space warnings (bsc#1065729).\n\n - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).\n\n - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).\n\n - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).\n\n - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510).\n\n - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).\n\n - power: supply: max14656: fix potential use-before-alloc (bsc#1051510).\n\n - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).\n\n - ptrace: take into account saved_sigmask in PTRACE(GET,SET)SIGMASK (git-fixes).\n\n - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).\n\n - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).\n\n - RDMA/hns: Fix bug that caused srq creation to fail (bsc#1104427 ).\n\n - RDMA/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992).\n\n - Revert 'ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops' (bsc#1051510).\n\n - Revert 'HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range' (bsc#1051510).\n\n - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).\n\n - rtc: da9063: set uie_unsupported when relevant (bsc#1051510).\n\n - rtc: do not reference bogus function pointer in kdoc (bsc#1051510).\n\n - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510).\n\n - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).\n\n - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes).\n\n - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes).\n\n - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516).\n\n - scsi: qedf: fixup bit operations (bsc#1135542).\n\n - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542).\n\n - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542).\n\n - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444).\n\n - scsi: qla2xxx: fix error message on <qla2400 (bsc#1118139).\n\n - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139).\n\n - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139).\n\n - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139).\n\n - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444).\n\n - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).\n\n - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444).\n\n - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444).\n\n - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444).\n\n - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444).\n\n - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444).\n\n - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444).\n\n - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139).\n\n - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444).\n\n - scsi: qla2xxx: Remove unused symbols (bsc#1118139).\n\n - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444).\n\n - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444).\n\n - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139).\n\n - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04).\n\n - sctp: fix identification of new acks for SFR-CACC (git-fixes).\n\n - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28).\n\n - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10).\n\n - serial: sh-sci: disable DMA for uart_console (bsc#1051510).\n\n - signal: Always notice exiting tasks (git-fixes).\n\n - signal: Better detection of synchronous signals (git-fixes).\n\n - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).\n\n - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).\n\n - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).\n\n - spi: Fix zero length xfer bug (bsc#1051510).\n\n - spi: Micrel eth switch: declare missing of table (bsc#1051510).\n\n - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).\n\n - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).\n\n - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).\n\n - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).\n\n - spi: ST ST95HF NFC: declare missing of table (bsc#1051510).\n\n - spi: tegra114: reset controller on probe (bsc#1051510).\n\n - staging: vc04_services: Fix a couple error codes (bsc#1051510).\n\n - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510).\n\n - staging: wlan-ng: fix adapter initialization failure (bsc#1051510).\n\n - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30).\n\n - switchtec: Fix unintended mask of MRPC event (git-fixes).\n\n - tcp: add tcp_min_snd_mss sysctl (bsc#1137586).\n\n - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).\n\n - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).\n\n - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10).\n\n - tcp: limit payload size of sacked skbs (bsc#1137586).\n\n - tcp: purge write queue in tcp_connect_init() (git-fixes).\n\n - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).\n\n - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19).\n\n - team: fix possible recursive locking when add slaves (networking-stable-19_04_30).\n\n - team: set slave to promisc if team is already in promisc mode (bsc#1051510).\n\n - test_firmware: Use correct snprintf() limit (bsc#1135642).\n\n - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510).\n\n - thunderbolt: Fix to check for kmemdup failure (bsc#1051510).\n\n - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28).\n\n - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28).\n\n - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes).\n\n - tipc: missing entries in name table of publications (networking-stable-19_04_19).\n\n - tools/cpupower: Add Hygon Dhyana support ().\n\n - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).\n\n - tracing: Fix partial reading of trace event's id file (bsc#1136573).\n\n - treewide: Use DEVICE_ATTR_WO (bsc#1137739).\n\n - tty: ipwireless: fix missing checks for ioremap (bsc#1051510).\n\n - TTY: serial_core, add ->install (bnc#1129693).\n\n - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).\n\n - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).\n\n - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28).\n\n - tun: properly test for IFF_UP (networking-stable-19_03_28).\n\n - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503).\n\n - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323).\n\n - Update config files: CONFIG_NVMEM_IMX_OCOTP=m for armvh7hl/lpae\n\n - Update config files. Debug kernel is not supported (bsc#1135492).\n\n - Update config files: disable CONFIG_IDE on ppc64le\n\n - Update config files for NFSv4.2 Enable NFSv4.2 support - jsc@PM-231 This requires a module parameter for NFSv4.2 to actually be available on SLE12 and SLE15-SP0\n\n - Update cx2072x patches to follow the upstream development (bsc#1068546)\n\n - Update patch reference for ipmi_ssif fix (bsc#1135120)\n\n - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).\n\n - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510).\n\n - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510).\n\n - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).\n\n - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510).\n\n - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510).\n\n - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510).\n\n - usbnet: fix kernel crash after disconnect (bsc#1051510).\n\n - usb: rio500: fix memory leak in close after disconnect (bsc#1051510).\n\n - usb: rio500: refuse more than one device at a time (bsc#1051510).\n\n - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).\n\n - userfaultfd: use RCU to free the task struct when fork fails (git-fixes).\n\n - vhost: reject zero size iova range (networking-stable-19_04_19).\n\n - video: hgafb: fix potential NULL pointer dereference (bsc#1051510).\n\n - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).\n\n - virtio_console: initialize vtermno value for ports (bsc#1051510).\n\n - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10).\n\n - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510).\n\n - vt: always call notifier with the console lock held (bsc#1051510).\n\n - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28).\n\n - vxlan: trivial indenting fix (bsc#1051510).\n\n - vxlan: use __be32 type for the param vni in\n __vxlan_fdb_delete (bsc#1051510).\n\n - w1: fix the resume command API (bsc#1051510).\n\n - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).\n\n - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).\n\n - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).\n\n - x86/alternative: Init ideal_nops for Hygon Dhyana ().\n\n - x86/amd_nb: Check vendor in AMD-only functions ().\n\n - x86/apic: Add Hygon Dhyana support ().\n\n - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().\n\n - x86/cpu: Create Hygon Dhyana architecture support file ().\n\n - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().\n\n - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().\n\n - x86/events: Add Hygon Dhyana support to PMU infrastructure ().\n\n - x86/kvm: Add Hygon Dhyana support to KVM ().\n\n - x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().\n\n - x86/mce: Do not disable MCA banks when offlining a CPU on AMD ().\n\n - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge ().\n\n - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().\n\n - x86/speculation/mds: Fix documentation typo (bsc#1135642).\n\n - x86/xen: Add Hygon Dhyana support to Xen ().\n\n - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).\n\n - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600).\n\n - xfrm6: avoid potential infinite loop in\n _decode_session6() (git-fixes).\n\n - xfrm6: call kfree_skb when skb is toobig (git-fixes).\n\n - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes).\n\n - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes).\n\n - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes).\n\n - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes).\n\n - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes).\n\n - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes).\n\n - xfs: add log item pinning error injection tag (bsc#1114427).\n\n - xfs: buffer lru reference count error injection tag (bsc#1114427).\n\n - xfs: check _btree_check_block value (bsc#1123663).\n\n - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).\n\n - xfs: create block pointer check functions (bsc#1123663).\n\n - xfs: create inode pointer verifiers (bsc#1114427).\n\n - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018).\n\n - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013).\n\n - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003).\n\n - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999).\n\n - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005).\n\n - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).\n\n - xfs: export _inobt_btrec_to_irec and\n _ialloc_cluster_alignment for scrub (bsc#1114427).\n\n - xfs: export various function for the online scrubber (bsc#1123663).\n\n - xfs: expose errortag knobs via sysfs (bsc#1114427).\n\n - xfs: fix s_maxbytes overflow problems (bsc#1137996).\n\n - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).\n\n - xfs: force summary counter recalc at next mount (bsc#1114427).\n\n - xfs: make errortag a per-mountpoint structure (bsc#1123663).\n\n - xfs: make xfs_writepage_map extent map centric (bsc#1138009).\n\n - xfs: minor cleanup for xfs_get_blocks (bsc#1138000).\n\n - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014).\n\n - xfs: move error injection tags into their own file (bsc#1114427).\n\n - xfs: refactor btree block header checking functions (bsc#1123663).\n\n - xfs: refactor btree pointer checks (bsc#1123663).\n\n - xfs: refactor the tail of xfs_writepage_map (bsc#1138016).\n\n - xfs: refactor unmount record write (bsc#1114427).\n\n - xfs: remove the imap_valid flag (bsc#1138012).\n\n - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).\n\n - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995).\n\n - xfs: remove XFS_IO_INVALID (bsc#1138017).\n\n - xfs: remove xfs_map_cow (bsc#1138007).\n\n - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).\n\n - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).\n\n - xfs: remove xfs_start_page_writeback (bsc#1138015).\n\n - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).\n\n - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008).\n\n - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427).\n\n - xfs: sanity-check the unused space before trying to use it (bsc#1123663).\n\n - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936).\n\n - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011).\n\n - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998).\n\n - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002).\n\n - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510).\n\n - xhci: Use %zu for printing size_t type (bsc#1051510).\n\n - xhci: update bounce buffer with correct sg num (bsc#1051510).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4343", "CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11487", "CVE-2019-11833", "CVE-2019-12380", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1579.NASL", "href": "https://www.tenable.com/plugins/nessus/126040", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1579.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126040);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2013-4343\",\n \"CVE-2018-7191\",\n \"CVE-2019-10124\",\n \"CVE-2019-11085\",\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11487\",\n \"CVE-2019-11833\",\n \"CVE-2019-12380\",\n \"CVE-2019-12382\",\n \"CVE-2019-12456\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-11477: A sequence of SACKs may have been\n crafted by a remote attacker such that one can trigger\n an integer overflow, leading to a kernel panic.\n (bsc#1137586).\n\n - CVE-2019-11478: It was possible to send a crafted\n sequence of SACKs which would fragment the TCP\n retransmission queue. A remote attacker may have been\n able to further exploit the fragmented queue to cause an\n expensive linked-list walk for subsequent SACKs received\n for that same TCP connection. (bsc#1137586)\n\n - CVE-2019-11479: It was possible to send a crafted\n sequence of SACKs which would fragment the RACK send\n map. A remote attacker may be able to further exploit\n the fragmented send map to cause an expensive\n linked-list walk for subsequent SACKs received for that\n same TCP connection. This would have resulted in excess\n resource consumption due to low mss values.\n (bsc#1137586)\n\n - CVE-2019-12819: The function __mdiobus_register() in\n drivers/net/phy/mdio_bus.c calls put_device(), which\n will trigger a fixed_mdio_bus_init use-after-free. This\n will cause a denial of service (bnc#1138291).\n\n - CVE-2019-12818: The nfc_llcp_build_tlv function in\n net/nfc/llcp_commands.c may return NULL. If the caller\n did not check for this, it will trigger a NULL pointer\n dereference. This will cause denial of service. This\n affects nfc_llcp_build_gb in net/nfc/llcp_core.c\n (bnc#1138293).\n\n - CVE-2019-12456: local users could cause a denial of\n service or possibly have unspecified other impact by\n changing the value of ioc_number between two kernel\n reads of that value, aka a 'double fetch' vulnerability.\n (bnc#1136922)\n\n - CVE-2019-12380: phys_efi_set_virtual_address_map in\n arch/x86/platform/efi/efi.c and efi_call_phys_prolog in\n arch/x86/platform/efi/efi_64.c mishandle memory\n allocation failures (bnc#1136598).\n\n - CVE-2019-3846: A flaw that allowed an attacker to\n corrupt memory and possibly escalate privileges was\n found in the mwifiex kernel module while connecting to a\n malicious wireless network (bnc#1136424).\n\n - CVE-2019-10124: An attacker could exploit an issue in\n the hwpoison implementation to cause a denial of service\n (BUG). (bsc#1130699)\n\n - CVE-2019-12382: An issue was discovered in\n drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c. There was an unchecked\n kstrdup of fwstr, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system\n crash) (bnc#1136586).\n\n - CVE-2019-11487: The Linux kernel before 5.1-rc5 allowed\n page->_refcount reference count overflow, with resultant\n use-after-free issues, if about 140 GiB of RAM exists.\n This is related to fs/fuse/dev.c, fs/pipe.c,\n fs/splice.c, include/linux/mm.h,\n include/linux/pipe_fs_i.h, kernel/trace/trace.c,\n mm/gup.c, and mm/hugetlb.c. It can occur with FUSE\n requests (bnc#1133190).\n\n - CVE-2019-5489: The mincore() implementation in\n mm/mincore.c allowed local attackers to observe page\n cache access patterns of other processes on the same\n system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server\n (bnc#1120843).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the\n unused memory region in the extent tree block, which\n might allow local users to obtain sensitive information\n by reading uninitialized data in the filesystem\n (bnc#1135281).\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name\n is not called before register_netdevice. This allowed\n local users to cause a denial of service (NULL pointer\n dereference and panic) via an ioctl(TUNSETIFF) call with\n a dev name containing a / character. This is similar to\n CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11085: Insufficient input validation in Kernel\n Mode Driver in Intel(R) i915 Graphics may have allowed\n an authenticated user to potentially enable escalation\n of privilege via local access (bnc#1135278).\n\nThe following non-security bugs were fixed :\n\n - 9p locks: add mount option for lock retry interval\n (bsc#1051510).\n\n - ACPI: Add Hygon Dhyana support ().\n\n - ACPI: button: reinitialize button state upon resume\n (bsc#1051510).\n\n - ACPICA: AML interpreter: add region addresses in global\n list during initialization (bsc#1051510).\n\n - ACPICA: Namespace: remove address node from global list\n after method termination (bsc#1051510).\n\n - ACPI: fix menuconfig presentation of ACPI submenu\n (bsc#1117158).\n\n - ACPI / property: fix handling of data_nodes in\n acpi_get_next_subnode() (bsc#1051510).\n\n - ACPI / utils: Drop reference in test for device presence\n (bsc#1051510).\n\n - ALSA: firewire-motu: fix destruction of data for\n isochronous resources (bsc#1051510).\n\n - ALSA: hda/realtek - Avoid superfluous COEF EAPD setups\n (bsc#1051510).\n\n - ALSA: hda/realtek - Corrected fixup for System76 Gazelle\n (gaze14) (bsc#1051510).\n\n - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted\n internal microphone bug (bsc#1051510).\n\n - ALSA: hda/realtek - Fixup headphone noise via runtime\n suspend (bsc#1051510).\n\n - ALSA: hda/realtek - Improve the headset mic for Acer\n Aspire laptops (bsc#1051510).\n\n - ALSA: hda/realtek - Set default power save node to 0\n (bsc#1051510).\n\n - ALSA: hda/realtek - Update headset mode for ALC256\n (bsc#1051510).\n\n - ALSA: hda - Use a macro for snd_array iteration loops\n (bsc#1051510).\n\n - ALSA: oxfw: allow PCM capture for Stanton SCS.1m\n (bsc#1051510).\n\n - appletalk: Fix compile regression (bsc#1051510).\n\n - appletalk: Fix use-after-free in atalk_proc_exit\n (bsc#1051510).\n\n - arch: arm64: acpi: KABI ginore includes (bsc#1117158\n bsc#1134671).\n\n - arm64: acpi: fix alignment fault in accessing ACPI\n (bsc#1117158).\n\n - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).\n\n - arm64: fix ACPI dependencies (bsc#1117158).\n\n - arm64, mm, efi: Account for GICv3 LPI tables in static\n memblock reserve table (bsc#1117158).\n\n - arm64/x86: Update config files. Use\n CONFIG_ARCH_SUPPORTS_ACPI\n\n - arm: 8824/1: fix a migrating irq bug when hotplug cpu\n (bsc#1051510).\n\n - arm: 8833/1: Ensure that NEON code always compiles with\n Clang (bsc#1051510).\n\n - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t\n (bsc#1051510).\n\n - arm: 8840/1: use a raw_spinlock_t in unwind\n (bsc#1051510).\n\n - arm: avoid Cortex-A9 livelock on tight dmb loops\n (bsc#1051510).\n\n - arm: imx6q: cpuidle: fix bug that CPU might not wake up\n at expected time (bsc#1051510).\n\n - arm: iop: do not use using 64-bit DMA masks\n (bsc#1051510).\n\n - arm: OMAP2+: fix lack of timer interrupts on CPU1 after\n hotplug (bsc#1051510).\n\n - arm: OMAP2+: Variable 'reg' in function\n omap4_dsi_mux_pads() could be uninitialized\n (bsc#1051510).\n\n - arm: orion: do not use using 64-bit DMA masks\n (bsc#1051510).\n\n - arm: pxa: ssp: unneeded to free devm_ allocated data\n (bsc#1051510).\n\n - arm: s3c24xx: Fix boolean expressions in\n osiris_dvs_notify (bsc#1051510).\n\n - arm: samsung: Limit SAMSUNG_PM_CHECK config option to\n non-Exynos platforms (bsc#1051510).\n\n - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).\n\n - ASoC: eukrea-tlv320: fix a leaked reference by adding\n missing of_node_put (bsc#1051510).\n\n - ASoC: fsl_asrc: Fix the issue about unsupported rate\n (bsc#1051510).\n\n - ASoC: fsl_sai: Update is_slave_mode with correct value\n (bsc#1051510).\n\n - ASoC: fsl_utils: fix a leaked reference by adding\n missing of_node_put (bsc#1051510).\n\n - ASoC: hdmi-codec: unlock the device on startup errors\n (bsc#1051510).\n\n - backlight: lm3630a: Return 0 on success in update_status\n functions (bsc#1051510).\n\n - batman-adv: allow updating DAT entry timeouts on\n incoming ARP Replies (bsc#1051510).\n\n - blk-mq: fix hang caused by freeze/unfreeze sequence\n (bsc#1128432).\n\n - block: do not leak memory in bio_copy_user_iov()\n (bsc#1135309).\n\n - block: Do not revalidate bdev of hidden gendisk\n (bsc#1120091).\n\n - block: fix the return errno for direct IO (bsc#1135320).\n\n - block: fix use-after-free on gendisk (bsc#1135312).\n\n - Bluetooth: Check key sizes only when Secure Simple\n Pairing is enabled (bsc#1135556).\n\n - bnxt_en: Free short FW command HWRM memory in error path\n in bnxt_init_one() (bsc#1050242).\n\n - bnxt_en: Improve multicast address setup logic\n (networking-stable-19_05_04).\n\n - bnxt_en: Improve RX consumer index validity check\n (networking-stable-19_04_10).\n\n - bnxt_en: Reset device on RX buffer errors\n (networking-stable-19_04_10).\n\n - bonding: fix event handling for stacked bonds\n (networking-stable-19_04_19).\n\n - bpf: add map_lookup_elem_sys_only for lookups from\n syscall side (bsc#1083647).\n\n - bpf: Add missed newline in verifier verbose log\n (bsc#1056787).\n\n - bpf, lru: avoid messing with eviction heuristics upon\n syscall lookup (bsc#1083647).\n\n - brcmfmac: convert dev_init_lock mutex to completion\n (bsc#1051510).\n\n - brcmfmac: fix missing checks for kmemdup (bsc#1051510).\n\n - brcmfmac: fix Oops when bringing up interface during USB\n disconnect (bsc#1051510).\n\n - brcmfmac: fix race during disconnect when USB completion\n is in progress (bsc#1051510).\n\n - brcmfmac: fix WARNING during USB disconnect in case of\n unempty psq (bsc#1051510).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor\n btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor\n btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: do not allow trimming when a fs is mounted with\n the nologreplay option (bsc#1135758).\n\n - btrfs: do not double unlock on error in btrfs_punch_hole\n (bsc#1136881).\n\n - btrfs: extent-tree: Fix a bug that btrfs is unable to\n add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n add_pinned_bytes() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n btrfs_free_extent() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: fix fsync not persisting changed attributes of a\n directory (bsc#1137151).\n\n - btrfs: fix race between ranged fsync and writeback of\n adjacent ranges (bsc#1136477).\n\n - btrfs: fix race updating log root item during fsync\n (bsc#1137153).\n\n - btrfs: fix wrong ctime and mtime of a directory after\n log replay (bsc#1137152).\n\n - btrfs: improve performance on fsync of files with\n multiple hardlinks (bsc#1123454).\n\n - btrfs: qgroup: Check bg while resuming relocation to\n avoid NULL pointer dereference (bsc#1134806).\n\n - btrfs: qgroup: Do not scan leaf if we're modifying reloc\n tree (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: reloc: Also queue orphan reloc tree for cleanup\n to avoid BUG_ON() (bsc#1133612).\n\n - btrfs: send, flush dellaloc in order to avoid data loss\n (bsc#1133320).\n\n - btrfs: tree-checker: detect file extent items with\n overlapping ranges (bsc#1136478).\n\n - chardev: add additional check for minor range overlap\n (bsc#1051510).\n\n - CIFS: keep FileInfo handle live during oplock break\n (bsc#1106284, bsc#1131565).\n\n - configfs: fix possible use-after-free in\n configfs_register_group (bsc#1051510).\n\n - configfs: Fix use-after-free when accessing sd->s_dentry\n (bsc#1051510).\n\n - cpufreq: Add Hygon Dhyana support ().\n\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ\n ().\n\n - crypto: caam - fix caam_dump_sg that iterates through\n scatterlist (bsc#1051510).\n\n - crypto: vmx - CTR: always increment IV as quadword\n (bsc#1051510).\n\n - crypto: vmx - ghash: do nosimd fallback manually\n (bsc#1135661, bsc#1137162).\n\n - crypto: vmx - return correct error code on failed setkey\n (bsc#1135661, bsc#1137162).\n\n - dccp: do not use ipv6 header for ipv4 flow\n (networking-stable-19_03_28).\n\n - dccp: Fix memleak in __feat_register_sp (bsc#1051510).\n\n - debugfs: fix use-after-free on symlink traversal\n (bsc#1051510).\n\n - devres: Align data[] to ARCH_KMALLOC_MINALIGN\n (bsc#1051510).\n\n - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).\n\n - Documentation: Add MDS vulnerability documentation\n (bsc#1135642).\n\n - Documentation: Correct the possible MDS sysfs values\n (bsc#1135642).\n\n - drbd: Avoid Clang warning about pointless switch\n statment (bsc#1051510).\n\n - drbd: disconnect, if the wrong UUIDs are attached on a\n connected peer (bsc#1051510).\n\n - drbd: narrow rcu_read_lock in drbd_sync_handshake\n (bsc#1051510).\n\n - drbd: skip spurious timeout (ping-timeo) when failing\n promote (bsc#1051510).\n\n - drivers: acpi: add dependency of EFI for arm64\n (bsc#1117158).\n\n - drm/amdgpu: fix old fence check in amdgpu_fence_emit\n (bsc#1051510).\n\n - drm/bridge: adv7511: Fix low refresh rate selection\n (bsc#1051510).\n\n - drm/drv: Hold ref on parent device during drm_device\n lifetime (bsc#1051510).\n\n - drm/etnaviv: lock MMU while dumping core (bsc#1113722)\n\n - drm/gma500/cdv: Check vbt config bits when detecting\n lvds panels (bsc#1051510).\n\n - drm/i915: Disable LP3 watermarks on all SNB machines\n (bsc#1051510).\n\n - drm/i915: Downgrade Gen9 Plane WM latency error\n (bsc#1051510).\n\n - drm/i915/fbc: disable framebuffer compression on\n GeminiLake (bsc#1051510).\n\n - drm/i915/gvt: add 0x4dfc to gen9 save-restore list\n (bsc#1113722)\n\n - drm/i915/gvt: do not let TRTTE and 0x4dfc write\n passthrough to hardware (bsc#1051510).\n\n - drm/i915/gvt: Fix cmd length of VEB_DI_IECP\n (bsc#1113722)\n\n - drm/i915/gvt: refine ggtt range validation (bsc#1113722)\n\n - drm/i915/gvt: Tiled Resources mmios are in-context mmios\n for gen9+ (bsc#1113722)\n\n - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).\n\n - drm/i915/sdvo: Implement proper HDMI audio support for\n SDVO (bsc#1051510).\n\n - drm/imx: do not skip DP channel disable for background\n plane (bsc#1051510).\n\n - drm/nouveau/disp/dp: respect sink limits when selecting\n failsafe link configuration (bsc#1051510).\n\n - drm/nouveau/i2c: Disable i2c bus access after ->fini()\n (bsc#1113722)\n\n - drm/radeon: prefer lower reference dividers\n (bsc#1051510).\n\n - drm/rockchip: fix for mailbox read validation\n (bsc#1051510).\n\n - drm/vmwgfx: Do not send drm sysfs hotplug events on\n initial master set (bsc#1051510).\n\n - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader()\n leading to an invalid read (bsc#1051510).\n\n - drm/vmwgfx: NULL pointer dereference from\n vmw_cmd_dx_view_define() (bsc#1113722)\n\n - drm: Wake up next in drm_read() chain if we are forced\n to putback the event (bsc#1051510).\n\n - dt-bindings: clock: r8a7795: Remove CSIREF clock\n (bsc#1120902).\n\n - dt-bindings: clock: r8a7796: Remove CSIREF clock\n (bsc#1120902).\n\n - dt-bindings: net: Add binding for the external clock for\n TI WiLink (bsc#1085535).\n\n - dt-bindings: rtc: sun6i-rtc: Fix register range in\n example (bsc#1120902).\n\n - EDAC, amd64: Add Hygon Dhyana support ().\n\n - efi: add API to reserve memory persistently across kexec\n reboot (bsc#1117158).\n\n - efi/arm: Defer persistent reservations until after\n paging_init() (bsc#1117158).\n\n - efi/arm: Do not mark ACPI reclaim memory as\n MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).\n\n - efi/arm: libstub: add a root memreserve config table\n (bsc#1117158).\n\n - efi/arm: map UEFI memory map even w/o runtime services\n enabled (bsc#1117158).\n\n - efi/arm: preserve early mapping of UEFI memory map\n longer for BGRT (bsc#1117158).\n\n - efi/arm: Revert 'Defer persistent reservations until\n after paging_init()' (bsc#1117158).\n\n - efi/arm: Revert deferred unmap of early memmap mapping\n (bsc#1117158).\n\n - efi: honour memory reservations passed via a linux\n specific config table (bsc#1117158).\n\n - efi: Permit calling efi_mem_reserve_persistent() from\n atomic context (bsc#1117158).\n\n - efi: Permit multiple entries in persistent memreserve\n data structure (bsc#1117158).\n\n - efi: Prevent GICv3 WARN() by mapping the memreserve\n table before first use (bsc#1117158).\n\n - efi: Reduce the amount of memblock reservations for\n persistent allocations (bsc#1117158).\n\n - ext4: actually request zeroing of inode table after grow\n (bsc#1135315).\n\n - ext4: avoid panic during forced reboot due to aborted\n journal (bsc#1126356).\n\n - ext4: fix data corruption caused by overlapping\n unaligned and aligned IO (bsc#1136428).\n\n - ext4: fix ext4_show_options for file systems w/o journal\n (bsc#1135316).\n\n - ext4: fix use-after-free race with\n debug_want_extra_isize (bsc#1135314).\n\n - ext4: make sanity check in mballoc more strict\n (bsc#1136439).\n\n - ext4: wait for outstanding dio during truncate in\n nojournal mode (bsc#1136438).\n\n - extcon: arizona: Disable mic detect if running when\n driver is removed (bsc#1051510).\n\n - fbdev: fix divide error in fb_var_to_videomode\n (bsc#1113722)\n\n - fbdev: fix WARNING in __alloc_pages_nodemask bug\n (bsc#1113722)\n\n - firmware: efi: factor out mem_reserve (bsc#1117158\n bsc#1134671).\n\n - fix rtnh_ok() (git-fixes).\n\n - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL\n writeback (bsc#1136432).\n\n - fs/writeback.c: use rcu_barrier() to wait for inflight\n wb switches going into workqueue when umount\n (bsc#1136435).\n\n - ftrace/x86_64: Emulate call function while updating in\n breakpoint handler (bsc#1099658).\n\n - fuse: fallocate: fix return with locked inode\n (bsc#1051510).\n\n - fuse: fix writepages on 32bit (bsc#1051510).\n\n - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate\n (bsc#1051510).\n\n - genetlink: Fix a memory leak on error path\n (networking-stable-19_03_28).\n\n - gpio: fix gpio-adp5588 build errors (bsc#1051510).\n\n - gpio: Remove obsolete comment about gpiochip_free_hogs()\n usage (bsc#1051510).\n\n - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).\n\n - HID: input: add mapping for Expose/Overview key\n (bsc#1051510).\n\n - HID: input: add mapping for keyboard Brightness\n Up/Down/Toggle keys (bsc#1051510).\n\n - HID: input: add mapping for 'Toggle Display' key\n (bsc#1051510).\n\n - HID: input: fix a4tech horizontal wheel custom usage\n (bsc#1137429).\n\n - HID: logitech-hidpp: change low battery level threshold\n from 31 to 30 percent (bsc#1051510).\n\n - HID: logitech-hidpp: use RAP instead of FAP to get the\n protocol version (bsc#1051510).\n\n - HID: wacom: Add ability to provide explicit battery\n status info (bsc#1051510).\n\n - HID: wacom: Add support for 3rd generation Intuos BT\n (bsc#1051510).\n\n - HID: wacom: Add support for Pro Pen slim (bsc#1051510).\n\n - HID: wacom: convert Wacom custom usages to standard HID\n usages (bsc#1051510).\n\n - HID: wacom: Correct button numbering 2nd-gen Intuos Pro\n over Bluetooth (bsc#1051510).\n\n - HID: wacom: Do not report anything prior to the tool\n entering range (bsc#1051510).\n\n - HID: wacom: Do not set tool type until we're in range\n (bsc#1051510).\n\n - HID: wacom: fix mistake in printk (bsc#1051510).\n\n - HID: wacom: generic: add the 'Report Valid' usage\n (bsc#1051510).\n\n - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0\n (bsc#1051510).\n\n - HID: wacom: generic: Leave tool in prox until it\n completely leaves sense (bsc#1051510).\n\n - HID: wacom: generic: Refactor generic battery handling\n (bsc#1051510).\n\n - HID: wacom: generic: Report AES battery information\n (bsc#1051510).\n\n - HID: wacom: generic: Reset events back to zero when pen\n leaves (bsc#1051510).\n\n - HID: wacom: generic: Scale battery capacity measurements\n to percentages (bsc#1051510).\n\n - HID: wacom: generic: Send BTN_STYLUS3 when both barrel\n switches are set (bsc#1051510).\n\n - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the\n pen enters range (bsc#1051510).\n\n - HID: wacom: generic: Support multiple tools per report\n (bsc#1051510).\n\n - HID: wacom: generic: Use generic codepath terminology in\n wacom_wac_pen_report (bsc#1051510).\n\n - HID: wacom: Mark expected switch fall-through\n (bsc#1051510).\n\n - HID: wacom: Move handling of HID quirks into a dedicated\n function (bsc#1051510).\n\n - HID: wacom: Move HID fix for AES serial number into\n wacom_hid_usage_quirk (bsc#1051510).\n\n - HID: wacom: Properly handle AES serial number and tool\n type (bsc#1051510).\n\n - HID: wacom: Queue events with missing type/serial data\n for later processing (bsc#1051510).\n\n - HID: wacom: Remove comparison of u8 mode with zero and\n simplify (bsc#1051510).\n\n - HID: wacom: Replace touch_max fixup code with static\n touch_max definitions (bsc#1051510).\n\n - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT\n eraser contact (bsc#1051510).\n\n - HID: wacom: Support 'in range' for Intuos/Bamboo tablets\n where possible (bsc#1051510).\n\n - HID: Wacom: switch Dell canvas into highres mode\n (bsc#1051510).\n\n - HID: wacom: Sync INTUOSP2_BT touch state after each\n frame if necessary (bsc#1051510).\n\n - HID: wacom: wacom_wac_collection() is local to\n wacom_wac.c (bsc#1051510).\n\n - HID: wacom: Work around HID descriptor bug in DTK-2451\n and DTH-2452 (bsc#1051510).\n\n - hwmon: (core) add thermal sensors only if dev->of_node\n is present (bsc#1051510).\n\n - hwmon: (pmbus/core) Treat parameters as paged if on\n multiple pages (bsc#1051510).\n\n - hwrng: omap - Set default quality (bsc#1051510).\n\n - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr\n (bsc#1051510).\n\n - i2c: i801: Add support for Intel Comet Lake\n (jsc#SLE-5331).\n\n - ibmvnic: Add device identification to requested IRQs\n (bsc#1137739).\n\n - ibmvnic: Do not close unopened driver during reset\n (bsc#1137752).\n\n - ibmvnic: Fix unchecked return codes of memory\n allocations (bsc#1137752).\n\n - ibmvnic: Refresh device multicast list after reset\n (bsc#1137752).\n\n - ibmvnic: remove set but not used variable 'netdev'\n (bsc#1137739).\n\n - igmp: fix incorrect unsolicit report count when join\n group (git-fixes).\n\n - iio: adc: xilinx: fix potential use-after-free on remove\n (bsc#1051510).\n\n - iio: ad_sigma_delta: Properly handle SPI bus locking vs\n CS assertion (bsc#1051510).\n\n - iio: common: ssp_sensors: Initialize calculated_time in\n ssp_common_process_data (bsc#1051510).\n\n - iio: hmc5843: fix potential NULL pointer dereferences\n (bsc#1051510).\n\n - indirect call wrappers: helpers to speed-up indirect\n calls of builtin (bsc#1124503).\n\n - inetpeer: fix uninit-value in inet_getpeer (git-fixes).\n\n - Input: elan_i2c - add hardware ID for multiple Lenovo\n laptops (bsc#1051510).\n\n - Input: synaptics-rmi4 - fix possible double free\n (bsc#1051510).\n\n - iommu/arm-smmu-v3: Abort all transactions if SMMU is\n enabled in kdump kernel (bsc#1117158).\n\n - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel\n (bsc#1117158 bsc#1134671).\n\n - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's\n provided src address (git-fixes).\n\n - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type\n (networking-stable-19_04_10).\n\n - ipconfig: Correctly initialise ic_nameservers\n (bsc#1051510).\n\n - ip_gre: fix parsing gre header in ipgre_err (git-fixes).\n\n - ip_tunnel: Fix name string concatenate in\n __ip_tunnel_create() (git-fixes).\n\n - ipv4: add sanity checks in ipv4_link_failure()\n (git-fixes).\n\n - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET\n is disabled (git-fixes).\n\n - ipv4: ensure rcu_read_lock() in ipv4_link_failure()\n (networking-stable-19_04_19).\n\n - ipv4: ip_do_fragment: Preserve skb_iif during\n fragmentation (networking-stable-19_05_04).\n\n - ipv4: recompile ip options in ipv4_link_failure\n (networking-stable-19_04_19).\n\n - ipv4: set the tcp_min_rtt_wlen range from 0 to one day\n (networking-stable-19_04_30).\n\n - ipv6: fix cleanup ordering for ip6_mr failure\n (git-fixes).\n\n - ipv6: fix cleanup ordering for pingv6 registration\n (git-fixes).\n\n - ipv6/flowlabel: wait rcu grace period before put_pid()\n (git-fixes).\n\n - ipv6: invert flowlabel sharing check in process and user\n mode (git-fixes).\n\n - ipv6: mcast: fix unsolicited report interval after\n receiving querys (git-fixes).\n\n - ipvlan: Add the skb->mark as flow4's member to lookup\n route (bsc#1051510).\n\n - ipvlan: fix ipv6 outbound device (bsc#1051510).\n\n - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).\n\n - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf\n (git-fixes).\n\n - ipvs: fix buffer overflow with sync daemon and service\n (git-fixes).\n\n - ipvs: fix check on xmit to non-local addresses\n (git-fixes).\n\n - ipvs: fix race between ip_vs_conn_new() and\n ip_vs_del_dest() (bsc#1051510).\n\n - ipvs: fix rtnl_lock lockups caused by start_sync_thread\n (git-fixes).\n\n - ipvs: Fix signed integer overflow when setsockopt\n timeout (bsc#1051510).\n\n - ipvs: fix stats update from local clients (git-fixes).\n\n - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).\n\n - iwlwifi: mvm: check for length correctness in\n iwl_mvm_create_skb() (bsc#1051510).\n\n - iwlwifi: pcie: do not crash on invalid RX interrupt\n (bsc#1051510).\n\n - jbd2: check superblock mapped prior to committing\n (bsc#1136430).\n\n - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter\n (bsc#1137586).\n\n - kabi: implement map_lookup_elem_sys_only in another way\n (bsc#1083647).\n\n - kabi: move sysctl_tcp_min_snd_mss to preserve struct net\n layout (bsc#1137586).\n\n - kABI workaround for the new pci_dev.skip_bus_pm field\n addition (bsc#1051510).\n\n - kernel/signal.c: trace_signal_deliver when\n signal_group_exit (git-fixes).\n\n - kernel/sys.c: prctl: fix false positive in\n validate_prctl_map() (git-fixes).\n\n - keys: safe concurrent user->(session,uid)_keyring access\n (bsc#1135642).\n\n - kmsg: Update message catalog to latest IBM level\n (2019/03/08) (bsc#1128904 LTC#176078).\n\n - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE\n realmode handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of\n passthrough interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S: Protect memslots while validating user\n address (bsc#1061840).\n\n - KVM: PPC: Release all hardware TCE tables attached to a\n group (bsc#1061840).\n\n - KVM: PPC: Remove redundand permission bits removal\n (bsc#1061840).\n\n - KVM: PPC: Validate all tces before updating tables\n (bsc#1061840).\n\n - KVM: PPC: Validate TCEs against preregistered memory\n page sizes (bsc#1061840).\n\n - KVM: s390: fix memory overwrites when not using SCA\n entries (bsc#1136206).\n\n - KVM: s390: provide io interrupt kvm_stat (bsc#1136206).\n\n - KVM: s390: use created_vcpus in more places\n (bsc#1136206).\n\n - KVM: s390: vsie: fix < 8k check for the itdba\n (bsc#1136206).\n\n - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).\n\n - l2tp: filter out non-PPP sessions in\n pppol2tp_tunnel_ioctl() (git-fixes).\n\n - l2tp: fix missing refcount drop in\n pppol2tp_tunnel_ioctl() (git-fixes).\n\n - l2tp: only accept PPP sessions in pppol2tp_connect()\n (git-fixes).\n\n - l2tp: prevent pppol2tp_connect() from creating kernel\n sockets (git-fixes).\n\n - l2tp: revert 'l2tp: fix missing print session offset\n info' (bsc#1051510).\n\n - leds: avoid flush_work in atomic context (bsc#1051510).\n\n - leds: pwm: silently error out on EPROBE_DEFER\n (bsc#1051510).\n\n - livepatch: Convert error about unsupported reliable\n stacktrace into a warning (bsc#1071995).\n\n - livepatch: Remove custom kobject state handling\n (bsc#1071995).\n\n - livepatch: Remove duplicated code for early\n initialization (bsc#1071995).\n\n - mac80211/cfg80211: update bss channel on channel switch\n (bsc#1051510).\n\n - mac80211: Fix kernel panic due to use of txq after free\n (bsc#1051510).\n\n - mac80211: fix memory accounting with A-MSDU aggregation\n (bsc#1051510).\n\n - mac80211: fix unaligned access in mesh table hash\n function (bsc#1051510).\n\n - mac8390: Fix mmio access size probe (bsc#1051510).\n\n - MD: fix invalid stored role for a disk (bsc#1051510).\n\n - media: atmel: atmel-isc: fix INIT_WORK misplacement\n (bsc#1051510).\n\n - media: au0828: Fix NULL pointer dereference in\n au0828_analog_stream_enable() (bsc#1051510).\n\n - media: au0828: stop video streaming only when last user\n stops (bsc#1051510).\n\n - media: coda: clear error return value before picture run\n (bsc#1051510).\n\n - media: cpia2: Fix use-after-free in cpia2_exit\n (bsc#1051510).\n\n - media: davinci/vpbe: array underflow in\n vpbe_enum_outputs() (bsc#1051510).\n\n - media: go7007: avoid clang frame overflow warning with\n KASAN (bsc#1051510).\n\n - media: m88ds3103: serialize reset messages in\n m88ds3103_set_frontend (bsc#1051510).\n\n - media: omap_vout: potential buffer overflow in\n vidioc_dqbuf() (bsc#1051510).\n\n - media: ov2659: make S_FMT succeed even if requested\n format does not match (bsc#1051510).\n\n - media: saa7146: avoid high stack usage with clang\n (bsc#1051510).\n\n - media: smsusb: better handle optional alignment\n (bsc#1051510).\n\n - media: usb: siano: Fix false-positive 'uninitialized\n variable' warning (bsc#1051510).\n\n - media: usb: siano: Fix general protection fault in\n smsusb (bsc#1051510).\n\n - memcg: make it work on sparse non-0-node systems\n (bnc#1133616).\n\n - memcg: make it work on sparse non-0-node systems kabi\n (bnc#1133616).\n\n - mfd: da9063: Fix OTP control register names to match\n datasheets for DA9063/63L (bsc#1051510).\n\n - mfd: intel-lpss: Set the device in reset state when init\n (bsc#1051510).\n\n - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values\n (bsc#1051510).\n\n - mfd: tps65912-spi: Add missing of table registration\n (bsc#1051510).\n\n - mfd: twl6040: Fix device init errors for ACCCTL register\n (bsc#1051510).\n\n - mISDN: Check address length before reading address\n family (bsc#1051510).\n\n - mlxsw: spectrum: Fix autoneg status in ethtool\n (networking-stable-19_04_30).\n\n - mmc: block: Delete gendisk before cleaning up the\n request queue (bsc#1127616).\n\n - mmc: core: make pwrseq_emmc (partially) support sleepy\n GPIO controllers (bsc#1051510).\n\n - mmc: core: Verify SD bus width (bsc#1051510).\n\n - mmc: mmci: Prevent polling for busy detection in IRQ\n context (bsc#1051510).\n\n - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50\n data hold time problem (bsc#1051510).\n\n - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold\n time problem (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: add erratum A-009204 support\n (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: add erratum eSDHC5 support\n (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358\n support (bsc#1051510).\n\n - mmc_spi: add a status check for spi_sync_locked\n (bsc#1051510).\n\n - mm-Fix-modifying-of-page-protection-by-insert_pfn.patch:\n Fix buggy backport leading to MAP_SYNC failures\n (bsc#1137372)\n\n - mm/huge_memory: fix vmf_insert_pfn_(pmd, pud)() crash,\n handle unaligned addresses (bsc#1135330).\n\n - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings\n (bnc#1012382).\n\n - mount: copy the port field into the cloned nfs_server\n structure (bsc#1136990).\n\n - mwifiex: Fix heap overflow in\n mwifiex_uap_parse_tail_ies() (bsc#1136935).\n\n - mwifiex: Fix possible buffer overflows at parsing bss\n descriptor\n\n - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit\n (git-fixes).\n\n - net: aquantia: fix rx checksum offload for UDP/TCP over\n IPv6 (networking-stable-19_03_28).\n\n - net: atm: Fix potential Spectre v1 vulnerabilities\n (networking-stable-19_04_19).\n\n - net: do not keep lonely packets forever in the gro hash\n (git-fixes).\n\n - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc\n (networking-stable-19_05_04).\n\n - net: dsa: mv88e6xxx: fix handling of upper half of\n STATS_TYPE_PORT (git-fixes).\n\n - net: ena: fix return value of ena_com_config_llq_info()\n (bsc#1111696 bsc#1117561).\n\n - net: ethtool: not call vzalloc for zero sized memory\n request (networking-stable-19_04_10).\n\n - netfilter: bridge: Do not sabotage nf_hook calls from an\n l3mdev (git-fixes).\n\n - netfilter: ebtables: CONFIG_COMPAT: reject trailing data\n after last rule (git-fixes).\n\n - netfilter: ebtables: handle string from userspace with\n care (git-fixes).\n\n - netfilter: ebtables: reject non-bridge targets\n (git-fixes).\n\n - netfilter: ipset: do not call ipset_nest_end after\n nla_nest_cancel (git-fixes).\n\n - netfilter: nf_log: do not hold nf_log_mutex during user\n access (git-fixes).\n\n - netfilter: nf_log: fix uninit read in\n nf_log_proc_dostring (git-fixes).\n\n - netfilter: nf_tables: can't fail after linking rule into\n active rule list (git-fixes).\n\n - netfilter: nf_tables: check msg_type before\n nft_trans_set(trans) (git-fixes).\n\n - netfilter: nf_tables: fix leaking object reference count\n (git-fixes).\n\n - netfilter: nf_tables: fix NULL pointer dereference on\n nft_ct_helper_obj_dump() (git-fixes).\n\n - netfilter: nf_tables: release chain in flushing set\n (git-fixes).\n\n - netfilter: nft_compat: do not dump private area\n (git-fixes).\n\n - netfilter: x_tables: initialise match/target check\n parameter struct (git-fixes).\n\n - net: Fix a bug in removing queues from XPS map\n (git-fixes).\n\n - net: fix uninit-value in __hw_addr_add_ex() (git-fixes).\n\n - net: fou: do not use guehdr after iptunnel_pull_offloads\n in gue_udp_recv (networking-stable-19_04_19).\n\n - net-gro: Fix GRO flush when receiving a GSO packet\n (networking-stable-19_04_10).\n\n - net: hns3: remove resetting check in\n hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).\n\n - net/ibmvnic: Remove tests of member address\n (bsc#1137739).\n\n - net: initialize skb->peeked when cloning (git-fixes).\n\n - net/ipv4: defensive cipso option parsing (git-fixes).\n\n - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on\n new inet6_dev (git-fixes).\n\n - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).\n\n - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to\n devices (git-fixes).\n\n - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE\n (git-fixes).\n\n - netlink: fix uninit-value in netlink_sendmsg\n (git-fixes).\n\n - net: make skb_partial_csum_set() more robust against\n overflows (git-fixes).\n\n - net/mlx5: Decrease default mr cache size\n (networking-stable-19_04_10).\n\n - net/mlx5e: Add a lock on tir list\n (networking-stable-19_04_10).\n\n - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high\n pages query (networking-stable-19_04_30).\n\n - net/mlx5e: Fix error handling when refreshing TIRs\n (networking-stable-19_04_10).\n\n - net/mlx5e: Fix trailing semicolon (bsc#1075020).\n\n - net/mlx5e: IPoIB, Reset QP after channels are closed\n (bsc#1075020).\n\n - net: phy: marvell: Fix buffer overrun with stats\n counters (networking-stable-19_05_04).\n\n - net: rds: exchange of 8K and 1M pool\n (networking-stable-19_04_30).\n\n - net: rose: fix a possible stack overflow\n (networking-stable-19_03_28).\n\n - net/rose: fix unbound loop in rose_loopback_timer()\n (networking-stable-19_04_30).\n\n - net/sched: act_sample: fix divide by zero in the traffic\n path (networking-stable-19_04_10).\n\n - net/sched: do not dereference a->goto_chain to read the\n chain index (bsc#1064802 bsc#1066129).\n\n - net/sched: fix ->get helper of the matchall cls\n (networking-stable-19_04_10).\n\n - net: socket: fix potential spectre v1 gadget in\n socketcall (git-fixes).\n\n - net: stmmac: fix memory corruption with large MTUs\n (networking-stable-19_03_28).\n\n - net: stmmac: move stmmac_check_ether_addr() to driver\n probe (networking-stable-19_04_30).\n\n - net: test tailroom before appending to linear skb\n (git-fixes).\n\n - net: thunderx: do not allow jumbo frames with XDP\n (networking-stable-19_04_19).\n\n - net: thunderx: raise XDP MTU to 1508\n (networking-stable-19_04_19).\n\n - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).\n\n - net: use indirect call wrappers at GRO network layer\n (bsc#1124503).\n\n - net: use indirect call wrappers at GRO transport layer\n (bsc#1124503).\n\n - NFS add module option to limit NFSv4 minor version\n (jsc#PM-231).\n\n - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL\n commands (bsc#1051510).\n\n - nvme: Do not remove namespaces during reset\n (bsc#1131673).\n\n - nvme: flush scan_work when resetting controller\n (bsc#1131673).\n\n - nvmem: allow to select i.MX nvmem driver for i.MX 7D\n (bsc#1051510).\n\n - nvmem: core: fix read buffer in place (bsc#1051510).\n\n - nvmem: correct Broadcom OTP controller driver writes\n (bsc#1051510).\n\n - nvmem: Do not let a NULL cell_id for nvmem_cell_get()\n crash us (bsc#1051510).\n\n - nvmem: imx-ocotp: Add i.MX7D timing write clock setup\n support (bsc#1051510).\n\n - nvmem: imx-ocotp: Add support for banked OTP addressing\n (bsc#1051510).\n\n - nvmem: imx-ocotp: Enable i.MX7D OTP write support\n (bsc#1051510).\n\n - nvmem: imx-ocotp: Move i.MX6 write clock setup to\n dedicated function (bsc#1051510).\n\n - nvmem: imx-ocotp: Pass parameters via a struct\n (bsc#1051510).\n\n - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors\n (bsc#1051510).\n\n - nvmem: imx-ocotp: Update module description\n (bsc#1051510).\n\n - nvmem: properly handle returned value nvmem_reg_read\n (bsc#1051510).\n\n - nvme-rdma: fix possible free of a non-allocated async\n event buffer (bsc#1120423).\n\n - nvme: skip nvme_update_disk_info() if the controller is\n not live (bsc#1128432).\n\n - objtool: Fix function fallthrough detection\n (bsc#1058115).\n\n - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget\n (bsc#1136434).\n\n - of: fix clang -Wunsequenced for be32_to_cpu()\n (bsc#1135642).\n\n - p54: drop device reference count if fails to enable\n device (bsc#1135642).\n\n - packet: fix reserve calculation (git-fixes).\n\n - packet: in packet_snd start writing at link layer\n allocation (git-fixes).\n\n - packet: refine ring v3 block size test to hold one frame\n (git-fixes).\n\n - packet: reset network header if packet shorter than ll\n reserved space (git-fixes).\n\n - packets: Always register packet sk in the same order\n (networking-stable-19_03_28).\n\n - parport: Fix mem leak in parport_register_dev_model\n (bsc#1051510).\n\n - PCI: endpoint: Use EPC's device in\n dma_alloc_coherent()/dma_free_coherent() (git-fixes).\n\n - PCI: Factor out pcie_retrain_link() function\n (git-fixes).\n\n - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken\n (bsc#1051510).\n\n - PCI: Mark Atheros AR9462 to avoid bus reset\n (bsc#1051510).\n\n - PCI: PM: Avoid possible suspend-to-idle issue\n (bsc#1051510).\n\n - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link\n erratum (git-fixes).\n\n - perf tools: Add Hygon Dhyana support ().\n\n - platform/chrome: cros_ec_proto: check for NULL transfer\n function (bsc#1051510).\n\n - platform/x86: mlx-platform: Fix parent device in\n i2c-mux-reg device registration (bsc#1051510).\n\n - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to\n critclk_systems DMI table (bsc#1051510).\n\n - platform/x86: pmc_atom: Add several Beckhoff Automation\n boards to critclk_systems DMI table (bsc#1051510).\n\n - PM / core: Propagate dev->power.wakeup_path when no\n callbacks (bsc#1051510).\n\n - powerpc: Always initialize input array when calling\n epapr_hypercall() (bsc#1065729).\n\n - powerpc/cacheinfo: add cacheinfo_teardown,\n cacheinfo_rebuild (bsc#1138374, LTC#178199).\n\n - powerpc/eeh: Fix race with driver un/bind (bsc#1065729).\n\n - powerpc: Fix HMIs on big-endian with\n CONFIG_RELOCATABLE=y (bsc#1065729).\n\n - powerpc/msi: Fix NULL pointer access in teardown code\n (bsc#1065729).\n\n - powerpc/perf: Fix MMCRA corruption by bhrb_filter\n (bsc#1053043).\n\n - powerpc/powernv/idle: Restore IAMR after idle\n (bsc#1065729).\n\n - powerpc/process: Fix sparse address space warnings\n (bsc#1065729).\n\n - powerpc/pseries: Fix oops in hotplug memory notifier\n (bsc#1138375, LTC#178204).\n\n - powerpc/pseries/mobility: prevent cpu hotplug during DT\n update (bsc#1138374, LTC#178199).\n\n - powerpc/pseries/mobility: rebuild cacheinfo hierarchy\n post-migration (bsc#1138374, LTC#178199).\n\n - power: supply: axp20x_usb_power: Fix typo in VBUS\n current limit macros (bsc#1051510).\n\n - power: supply: axp288_charger: Fix unchecked return\n value (bsc#1051510).\n\n - power: supply: max14656: fix potential use-before-alloc\n (bsc#1051510).\n\n - power: supply: sysfs: prevent endless uevent loop with\n CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).\n\n - ptrace: take into account saved_sigmask in\n PTRACE(GET,SET)SIGMASK (git-fixes).\n\n - qlcnic: Avoid potential NULL pointer dereference\n (bsc#1051510).\n\n - qmi_wwan: Add quirk for Quectel dynamic config\n (bsc#1051510).\n\n - RDMA/hns: Fix bug that caused srq creation to fail\n (bsc#1104427 ).\n\n - RDMA/rxe: Consider skb reserve space based on netdev of\n GID (bsc#1082387, bsc#1103992).\n\n - Revert 'ALSA: hda/realtek - Improve the headset mic for\n Acer Aspire laptops' (bsc#1051510).\n\n - Revert 'HID: wacom: generic: Send BTN_TOOL_PEN in prox\n once the pen enters range' (bsc#1051510).\n\n - rtc: 88pm860x: prevent use-after-free on device remove\n (bsc#1051510).\n\n - rtc: da9063: set uie_unsupported when relevant\n (bsc#1051510).\n\n - rtc: do not reference bogus function pointer in kdoc\n (bsc#1051510).\n\n - rtc: sh: Fix invalid alarm warning for non-enabled alarm\n (bsc#1051510).\n\n - rtlwifi: fix a potential NULL pointer dereference\n (bsc#1051510).\n\n - rxrpc: Fix error reception on AF_INET6 sockets\n (git-fixes).\n\n - rxrpc: Fix transport sockopts to get IPv4 errors on an\n IPv6 socket (git-fixes).\n\n - s390/qdio: clear intparm during shutdown (bsc#1134597\n LTC#177516).\n\n - scsi: qedf: fixup bit operations (bsc#1135542).\n\n - scsi: qedf: fixup locking in qedf_restart_rport()\n (bsc#1135542).\n\n - scsi: qedf: missing kref_put in qedf_xmit()\n (bsc#1135542).\n\n - scsi: qla2xxx: Declare local functions 'static'\n (bsc#1137444).\n\n - scsi: qla2xxx: fix error message on <qla2400\n (bsc#1118139).\n\n - scsi: qla2xxx: Fix function argument descriptions\n (bsc#1118139).\n\n - scsi: qla2xxx: Fix memory corruption during hba reset\n test (bsc#1118139).\n\n - scsi: qla2xxx: fix spelling mistake: 'existant' ->\n 'existent' (bsc#1118139).\n\n - scsi: qla2xxx: fully convert to the generic DMA API\n (bsc#1137444).\n\n - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).\n\n - scsi: qla2xxx: Improve several kernel-doc headers\n (bsc#1137444).\n\n - scsi: qla2xxx: Introduce a switch/case statement in\n qlt_xmit_tm_rsp() (bsc#1137444).\n\n - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier\n to analyze (bsc#1137444).\n\n - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry()\n initializes 'res' (bsc#1137444).\n\n - scsi: qla2xxx: NULL check before some freeing functions\n is not needed (bsc#1137444).\n\n - scsi: qla2xxx: Remove a set-but-not-used variable\n (bsc#1137444).\n\n - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq\n (bsc#1118139).\n\n - scsi: qla2xxx: Remove two arguments from\n qlafx00_error_entry() (bsc#1137444).\n\n - scsi: qla2xxx: Remove unused symbols (bsc#1118139).\n\n - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds()\n function (bsc#1137444).\n\n - scsi: qla2xxx: use lower_32_bits and upper_32_bits\n instead of reinventing them (bsc#1137444).\n\n - scsi: qla2xxx: Use %p for printing pointers\n (bsc#1118139).\n\n - sctp: avoid running the sctp state machine recursively\n (networking-stable-19_05_04).\n\n - sctp: fix identification of new acks for SFR-CACC\n (git-fixes).\n\n - sctp: get sctphdr by offset in sctp_compute_cksum\n (networking-stable-19_03_28).\n\n - sctp: initialize _pad of sockaddr_in before copying to\n user memory (networking-stable-19_04_10).\n\n - serial: sh-sci: disable DMA for uart_console\n (bsc#1051510).\n\n - signal: Always notice exiting tasks (git-fixes).\n\n - signal: Better detection of synchronous signals\n (git-fixes).\n\n - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).\n\n - soc/fsl/qe: Fix an error code in qe_pin_request()\n (bsc#1051510).\n\n - spi: bitbang: Fix NULL pointer dereference in\n spi_unregister_master (bsc#1051510).\n\n - spi: Fix zero length xfer bug (bsc#1051510).\n\n - spi: Micrel eth switch: declare missing of table\n (bsc#1051510).\n\n - spi: pxa2xx: Add support for Intel Comet Lake\n (jsc#SLE-5331).\n\n - spi: pxa2xx: fix SCR (divisor) calculation\n (bsc#1051510).\n\n - spi: spi-fsl-spi: call spi_finalize_current_message() at\n the end (bsc#1051510).\n\n - spi : spi-topcliff-pch: Fix to handle empty DMA buffers\n (bsc#1051510).\n\n - spi: ST ST95HF NFC: declare missing of table\n (bsc#1051510).\n\n - spi: tegra114: reset controller on probe (bsc#1051510).\n\n - staging: vc04_services: Fix a couple error codes\n (bsc#1051510).\n\n - staging: vc04_services: prevent integer overflow in\n create_pagelist() (bsc#1051510).\n\n - staging: wlan-ng: fix adapter initialization failure\n (bsc#1051510).\n\n - stmmac: pci: Adjust IOT2000 matching\n (networking-stable-19_04_30).\n\n - switchtec: Fix unintended mask of MRPC event\n (git-fixes).\n\n - tcp: add tcp_min_snd_mss sysctl (bsc#1137586).\n\n - tcp: do not use ipv6 header for ipv4 flow\n (networking-stable-19_03_28).\n\n - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()\n (bsc#1137586).\n\n - tcp: Ensure DCTCP reacts to losses\n (networking-stable-19_04_10).\n\n - tcp: limit payload size of sacked skbs (bsc#1137586).\n\n - tcp: purge write queue in tcp_connect_init()\n (git-fixes).\n\n - tcp: tcp_fragment() should apply sane memory limits\n (bsc#1137586).\n\n - tcp: tcp_grow_window() needs to respect tcp_space()\n (networking-stable-19_04_19).\n\n - team: fix possible recursive locking when add slaves\n (networking-stable-19_04_30).\n\n - team: set slave to promisc if team is already in promisc\n mode (bsc#1051510).\n\n - test_firmware: Use correct snprintf() limit\n (bsc#1135642).\n\n - thermal: cpu_cooling: Actually trace CPU load in\n thermal_power_cpu_get_power (bsc#1051510).\n\n - thunderbolt: Fix to check for kmemdup failure\n (bsc#1051510).\n\n - thunderx: eliminate extra calls to put_page() for pages\n held for recycling (networking-stable-19_03_28).\n\n - thunderx: enable page recycling for non-XDP case\n (networking-stable-19_03_28).\n\n - tipc: fix hanging clients using poll with EPOLLOUT flag\n (git-fixes).\n\n - tipc: missing entries in name table of publications\n (networking-stable-19_04_19).\n\n - tools/cpupower: Add Hygon Dhyana support ().\n\n - tools lib traceevent: Fix missing equality check for\n strcmp (bsc#1129770).\n\n - tracing: Fix partial reading of trace event's id file\n (bsc#1136573).\n\n - treewide: Use DEVICE_ATTR_WO (bsc#1137739).\n\n - tty: ipwireless: fix missing checks for ioremap\n (bsc#1051510).\n\n - TTY: serial_core, add ->install (bnc#1129693).\n\n - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).\n\n - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler\n (bsc#1051510).\n\n - tun: add a missing rcu_read_unlock() in error path\n (networking-stable-19_03_28).\n\n - tun: properly test for IFF_UP\n (networking-stable-19_03_28).\n\n - udp: use indirect call wrappers for GRO socket lookup\n (bsc#1124503).\n\n - ufs: fix braino in ufs_get_inode_gid() for solaris UFS\n flavour (bsc#1135323).\n\n - Update config files: CONFIG_NVMEM_IMX_OCOTP=m for\n armvh7hl/lpae\n\n - Update config files. Debug kernel is not supported\n (bsc#1135492).\n\n - Update config files: disable CONFIG_IDE on ppc64le\n\n - Update config files for NFSv4.2 Enable NFSv4.2 support -\n jsc@PM-231 This requires a module parameter for NFSv4.2\n to actually be available on SLE12 and SLE15-SP0\n\n - Update cx2072x patches to follow the upstream\n development (bsc#1068546)\n\n - Update patch reference for ipmi_ssif fix (bsc#1135120)\n\n - usb: Add LPM quirk for Surface Dock GigE adapter\n (bsc#1051510).\n\n - usb: core: Add PM runtime calls to\n usb_hcd_platform_shutdown (bsc#1051510).\n\n - usb: core: Do not unbind interfaces following device\n reset failure (bsc#1051510).\n\n - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).\n\n - usb: Fix slab-out-of-bounds write in\n usb_get_bos_descriptor (bsc#1051510).\n\n - usbip: usbip_host: fix BUG: sleeping function called\n from invalid context (bsc#1051510).\n\n - usbip: usbip_host: fix stub_dev lock context imbalance\n regression (bsc#1051510).\n\n - usbnet: fix kernel crash after disconnect (bsc#1051510).\n\n - usb: rio500: fix memory leak in close after disconnect\n (bsc#1051510).\n\n - usb: rio500: refuse more than one device at a time\n (bsc#1051510).\n\n - usb: sisusbvga: fix oops in error path of sisusb_probe\n (bsc#1051510).\n\n - userfaultfd: use RCU to free the task struct when fork\n fails (git-fixes).\n\n - vhost: reject zero size iova range\n (networking-stable-19_04_19).\n\n - video: hgafb: fix potential NULL pointer dereference\n (bsc#1051510).\n\n - video: imsttfb: fix potential NULL pointer dereferences\n (bsc#1051510).\n\n - virtio_console: initialize vtermno value for ports\n (bsc#1051510).\n\n - vrf: check accept_source_route on the original netdevice\n (networking-stable-19_04_10).\n\n - vsock/virtio: Initialize core virtio vsock before\n registering the driver (bsc#1051510).\n\n - vt: always call notifier with the console lock held\n (bsc#1051510).\n\n - vxlan: Do not call gro_cells_destroy() before device is\n unregistered (networking-stable-19_03_28).\n\n - vxlan: trivial indenting fix (bsc#1051510).\n\n - vxlan: use __be32 type for the param vni in\n __vxlan_fdb_delete (bsc#1051510).\n\n - w1: fix the resume command API (bsc#1051510).\n\n - watchdog: imx2_wdt: Fix set_timeout for big timeout\n values (bsc#1051510).\n\n - x86_64: Add gap to int3 to allow for call emulation\n (bsc#1099658).\n\n - x86_64: Allow breakpoints to emulate call instructions\n (bsc#1099658).\n\n - x86/alternative: Init ideal_nops for Hygon Dhyana ().\n\n - x86/amd_nb: Check vendor in AMD-only functions ().\n\n - x86/apic: Add Hygon Dhyana support ().\n\n - x86/bugs: Add Hygon Dhyana to the respective mitigation\n machinery ().\n\n - x86/cpu: Create Hygon Dhyana architecture support file\n ().\n\n - x86/cpu: Get cache info and setup cache cpumap for Hygon\n Dhyana ().\n\n - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().\n\n - x86/events: Add Hygon Dhyana support to PMU\n infrastructure ().\n\n - x86/kvm: Add Hygon Dhyana support to KVM ().\n\n - x86/mce: Add Hygon Dhyana support to the MCA\n infrastructure ().\n\n - x86/mce: Do not disable MCA banks when offlining a CPU\n on AMD ().\n\n - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and\n northbridge ().\n\n - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle\n on Dhyana ().\n\n - x86/speculation/mds: Fix documentation typo\n (bsc#1135642).\n\n - x86/xen: Add Hygon Dhyana support to Xen ().\n\n - xenbus: drop useless LIST_HEAD in xenbus_write_watch()\n and xenbus_file_write() (bsc#1065600).\n\n - xen/pciback: Do not disable PCI_COMMAND on PCI device\n reset (bsc#1065600).\n\n - xfrm6: avoid potential infinite loop in\n _decode_session6() (git-fixes).\n\n - xfrm6: call kfree_skb when skb is toobig (git-fixes).\n\n - xfrm: fix missing dst_release() after policy blocking\n lbcast and multicast (git-fixes).\n\n - xfrm: fix 'passing zero to ERR_PTR()' warning\n (git-fixes).\n\n - xfrm: reset crypto_done when iterating over multiple\n input xfrms (git-fixes).\n\n - xfrm: reset transport header back to network header\n after all input transforms ahave been applied\n (git-fixes).\n\n - xfrm_user: prevent leaking 2 bytes of kernel memory\n (git-fixes).\n\n - xfrm: Validate address prefix lengths in the xfrm\n selector (git-fixes).\n\n - xfs: add log item pinning error injection tag\n (bsc#1114427).\n\n - xfs: buffer lru reference count error injection tag\n (bsc#1114427).\n\n - xfs: check _btree_check_block value (bsc#1123663).\n\n - xfs: convert drop_writes to use the errortag mechanism\n (bsc#1114427).\n\n - xfs: create block pointer check functions (bsc#1123663).\n\n - xfs: create inode pointer verifiers (bsc#1114427).\n\n - xfs: do not clear imap_valid for a non-uptodate buffers\n (bsc#1138018).\n\n - xfs: do not look at buffer heads in xfs_add_to_ioend\n (bsc#1138013).\n\n - xfs: do not set the page uptodate in xfs_writepage_map\n (bsc#1138003).\n\n - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks\n (bsc#1137999).\n\n - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks\n (bsc#1138005).\n\n - xfs: eof trim writeback mapping as soon as it is cached\n (bsc#1138019).\n\n - xfs: export _inobt_btrec_to_irec and\n _ialloc_cluster_alignment for scrub (bsc#1114427).\n\n - xfs: export various function for the online scrubber\n (bsc#1123663).\n\n - xfs: expose errortag knobs via sysfs (bsc#1114427).\n\n - xfs: fix s_maxbytes overflow problems (bsc#1137996).\n\n - xfs: fix unused variable warning in xfs_buf_set_ref()\n (bsc#1114427).\n\n - xfs: force summary counter recalc at next mount\n (bsc#1114427).\n\n - xfs: make errortag a per-mountpoint structure\n (bsc#1123663).\n\n - xfs: make xfs_writepage_map extent map centric\n (bsc#1138009).\n\n - xfs: minor cleanup for xfs_get_blocks (bsc#1138000).\n\n - xfs: move all writeback buffer_head manipulation into\n xfs_map_at_offset (bsc#1138014).\n\n - xfs: move error injection tags into their own file\n (bsc#1114427).\n\n - xfs: refactor btree block header checking functions\n (bsc#1123663).\n\n - xfs: refactor btree pointer checks (bsc#1123663).\n\n - xfs: refactor the tail of xfs_writepage_map\n (bsc#1138016).\n\n - xfs: refactor unmount record write (bsc#1114427).\n\n - xfs: remove the imap_valid flag (bsc#1138012).\n\n - xfs: remove unneeded parameter from XFS_TEST_ERROR\n (bsc#1123663).\n\n - xfs: remove unused parameter from xfs_writepage_map\n (bsc#1137995).\n\n - xfs: remove XFS_IO_INVALID (bsc#1138017).\n\n - xfs: remove xfs_map_cow (bsc#1138007).\n\n - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).\n\n - xfs: remove xfs_reflink_trim_irec_to_next_cow\n (bsc#1138006).\n\n - xfs: remove xfs_start_page_writeback (bsc#1138015).\n\n - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN\n (bsc#1123663).\n\n - xfs: rename the offset variable in xfs_writepage_map\n (bsc#1138008).\n\n - xfs: replace log_badcrc_factor knob with error injection\n tag (bsc#1114427).\n\n - xfs: sanity-check the unused space before trying to use\n it (bsc#1123663).\n\n - xfs: serialize unaligned dio writes against all other\n dio writes (bsc#1134936).\n\n - xfs: simplify xfs_map_blocks by using\n xfs_iext_lookup_extent directly (bsc#1138011).\n\n - xfs: skip CoW writes past EOF when writeback races with\n truncate (bsc#1137998).\n\n - xfs: xfs_reflink_convert_cow() memory allocation\n deadlock (bsc#1138002).\n\n - xhci: Convert xhci_handshake() to use\n readl_poll_timeout_atomic() (bsc#1051510).\n\n - xhci: Use %zu for printing size_t type (bsc#1051510).\n\n - xhci: update bounce buffer with correct sg num\n (bsc#1051510).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138375\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.64.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:46:24", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :\n\n - It was found that _sctp_make_chunk() function did not check if the chunk length for INIT and INIT_ACK packets was within the allowed limits. A local attacker could exploit this to trigger a kernel crash.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-05-31T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2018-035)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5803"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2018-035.NASL", "href": "https://www.tenable.com/plugins/nessus/110232", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110232);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-5803\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2018-035)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - It was found that _sctp_make_chunk() function did not\n check if the chunk length for INIT and INIT_ACK packets\n was within the allowed limits. A local attacker could\n exploit this to trigger a kernel crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2941801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8a47bcc\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?582a2cb7\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d19de5d\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82bd7955\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-37.30-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fecc47bd\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.42.0.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.15\",\n \"patch\",\"readykernel-patch-30.15-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.26.1.vz7.33.22\",\n \"patch\",\"readykernel-patch-33.22-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.1.1.vz7.37.30\",\n \"patch\",\"readykernel-patch-37.30-52.0-2.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:46:24", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :\n\n - It was found that _sctp_make_chunk() function did not check if the chunk length for INIT and INIT_ACK packets was within the allowed limits. A local attacker could exploit this to trigger a kernel crash.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-05-31T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2018-036)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5803"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2018-036.NASL", "href": "https://www.tenable.com/plugins/nessus/110233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110233);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-5803\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2018-036)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - It was found that _sctp_make_chunk() function did not\n check if the chunk length for INIT and INIT_ACK packets\n was within the allowed limits. A local attacker could\n exploit this to trigger a kernel crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2941802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-40.4-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2b4db7cb\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a9c5d7d\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?edba2ede\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.11.6.vz7.40.4\",\n \"patch\",\"readykernel-patch-40.4-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.17.1.vz7.43.10\",\n \"patch\",\"readykernel-patch-43.10-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.46.7\",\n \"patch\",\"readykernel-patch-46.7-52.0-2.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T15:57:59", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.\n (CVE-2011-1079)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.\n (CVE-2016-10905)\n\n - An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. (CVE-2017-18550)\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.\n (CVE-2017-18595)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207)\n\n - An issue was discovered in the Linux kernel before 4.20.\n There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (CVE-2018-20855)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.\n (CVE-2018-7191)\n\n - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb- init.c driver. (CVE-2019-15213)\n\n - An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.\n (CVE-2019-15538)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. (CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. (CVE-2019-17075)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack.\n Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. (CVE-2019-3874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1079", "CVE-2013-4343", "CVE-2016-10905", "CVE-2017-18550", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20836", "CVE-2018-20855", "CVE-2018-20976", "CVE-2018-7191", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-11487", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-15213", "CVE-2019-15538", "CVE-2019-15807", "CVE-2019-15916", "CVE-2019-16413", "CVE-2019-17075", "CVE-2019-3874"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/132490", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0264. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132490);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2011-1079\",\n \"CVE-2016-10905\",\n \"CVE-2017-18550\",\n \"CVE-2017-18595\",\n \"CVE-2018-7191\",\n \"CVE-2018-12207\",\n \"CVE-2018-20836\",\n \"CVE-2018-20855\",\n \"CVE-2018-20976\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-3874\",\n \"CVE-2019-11135\",\n \"CVE-2019-11487\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-15213\",\n \"CVE-2019-15538\",\n \"CVE-2019-15807\",\n \"CVE-2019-15916\",\n \"CVE-2019-16413\",\n \"CVE-2019-17075\"\n );\n script_bugtraq_id(\n 46616,\n 107488,\n 108054,\n 108196,\n 108299,\n 108380,\n 108474\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - The bnep_sock_ioctl function in\n net/bluetooth/bnep/sock.c in the Linux kernel before\n 2.6.39 does not ensure that a certain device field ends\n with a '\\0' character, which allows local users to\n obtain potentially sensitive information from kernel\n stack memory, or cause a denial of service (BUG and\n system crash), via a BNEPCONNADD command.\n (CVE-2011-1079)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux\n kernel before 4.8. A use-after-free is caused by the\n functions gfs2_clear_rgrpd and read_rindex_entry.\n (CVE-2016-10905)\n\n - An issue was discovered in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n before 4.13. There is potential exposure of kernel stack\n memory because aac_get_hba_info does not initialize the\n hbainfo structure. (CVE-2017-18550)\n\n - An issue was discovered in the Linux kernel before\n 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file kernel/trace/trace.c.\n (CVE-2017-18595)\n\n - Improper invalidation for page table updates by a\n virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to\n potentially enable denial of service of the host system\n via local access. (CVE-2018-12207)\n\n - An issue was discovered in the Linux kernel before 4.20.\n There is a race condition in smp_task_timedout() and\n smp_task_done() in drivers/scsi/libsas/sas_expander.c,\n leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In create_qp_common in\n drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp\n was never initialized, resulting in a leak of stack\n memory to userspace. (CVE-2018-20855)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the\n Linux kernel before 4.18. A use after free exists,\n related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - In the tun subsystem in the Linux kernel before 4.13.14,\n dev_get_valid_name is not called before\n register_netdevice. This allows local users to cause a\n denial of service (NULL pointer dereference and panic)\n via an ioctl(TUNSETIFF) call with a dev name containing\n a / character. This is similar to CVE-2013-4343.\n (CVE-2018-7191)\n\n - Insufficient access control in subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families; Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100\n Processor Families may allow an authenticated user to\n potentially enable denial of service via local access.\n (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families; Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and\n E-2200 Processor Families; Intel(R) Graphics Driver for\n Windows before 26.20.100.6813 (DCH) or 26.20.100.6812\n and before 21.20.x.5077 (aka15.45.5077), i915 Linux\n Driver for Intel(R) Processor Graphics before versions\n 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount\n reference count overflow, with resultant use-after-free\n issues, if about 140 GiB of RAM exists. This is related\n to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h,\n kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests. (CVE-2019-11487)\n\n - The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c in the Linux kernel before\n 5.0.15 allows a local user to obtain potentially\n sensitive information from kernel stack memory via a\n HIDPCONNADD command, because a name field may not end\n with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in\n drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c in the Linux kernel\n through 5.1.5. There is an unchecked kstrdup of fwstr,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a\n vulnerability because kstrdup() returning NULL is\n handled sufficiently and there is no chance for a NULL\n pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. There is a use-after-free caused by a malicious\n USB device in the drivers/media/usb/dvb-usb/dvb-usb-\n init.c driver. (CVE-2019-15213)\n\n - An issue was discovered in xfs_setattr_nonsize in\n fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS\n partially wedges when a chgrp fails on account of being\n out of disk quota. xfs_setattr_nonsize is failing to\n unlock the ILOCK after the xfs_qm_vop_chown_reserve call\n fails. This is primarily a local DoS attack vector, but\n it might result as well in remote DoS if the XFS\n filesystem is exported for instance via NFS.\n (CVE-2019-15538)\n\n - In the Linux kernel before 5.1.13, there is a memory\n leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and\n denial of service. (CVE-2019-15807)\n\n - An issue was discovered in the Linux kernel before\n 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core/net-sysfs.c, which\n will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. The 9p filesystem did not protect i_size_write()\n properly, which causes an i_size_read() infinite loop\n and denial of service on SMP systems. (CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance. (CVE-2019-17075)\n\n - The SCTP socket buffer used by a userspace application\n is not accounted by the cgroups subsystem. An attacker\n can use this flaw to cause a denial of service attack.\n Kernel 3.10.x and 4.18.x branches are believed to be\n vulnerable. (CVE-2019-3874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0264\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T15:58:18", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.\n (CVE-2011-1079)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.\n (CVE-2016-10905)\n\n - An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. (CVE-2017-18550)\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.\n (CVE-2017-18595)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207)\n\n - An issue was discovered in the Linux kernel before 4.20.\n There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (CVE-2018-20855)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.\n (CVE-2018-7191)\n\n - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb- init.c driver. (CVE-2019-15213)\n\n - An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.\n (CVE-2019-15538)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. (CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. (CVE-2019-17075)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack.\n Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. (CVE-2019-3874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1079", "CVE-2013-4343", "CVE-2016-10905", "CVE-2017-18550", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20836", "CVE-2018-20855", "CVE-2018-20976", "CVE-2018-7191", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-11487", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-15213", "CVE-2019-15538", "CVE-2019-15807", "CVE-2019-15916", "CVE-2019-16413", "CVE-2019-17075", "CVE-2019-3874"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/132499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0266. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132499);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2011-1079\",\n \"CVE-2016-10905\",\n \"CVE-2017-18550\",\n \"CVE-2017-18595\",\n \"CVE-2018-7191\",\n \"CVE-2018-12207\",\n \"CVE-2018-20836\",\n \"CVE-2018-20855\",\n \"CVE-2018-20976\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-3874\",\n \"CVE-2019-11135\",\n \"CVE-2019-11487\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-15213\",\n \"CVE-2019-15538\",\n \"CVE-2019-15807\",\n \"CVE-2019-15916\",\n \"CVE-2019-16413\",\n \"CVE-2019-17075\"\n );\n script_bugtraq_id(\n 46616,\n 107488,\n 108054,\n 108196,\n 108299,\n 108380,\n 108474\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - The bnep_sock_ioctl function in\n net/bluetooth/bnep/sock.c in the Linux kernel before\n 2.6.39 does not ensure that a certain device field ends\n with a '\\0' character, which allows local users to\n obtain potentially sensitive information from kernel\n stack memory, or cause a denial of service (BUG and\n system crash), via a BNEPCONNADD command.\n (CVE-2011-1079)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux\n kernel before 4.8. A use-after-free is caused by the\n functions gfs2_clear_rgrpd and read_rindex_entry.\n (CVE-2016-10905)\n\n - An issue was discovered in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n before 4.13. There is potential exposure of kernel stack\n memory because aac_get_hba_info does not initialize the\n hbainfo structure. (CVE-2017-18550)\n\n - An issue was discovered in the Linux kernel before\n 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file kernel/trace/trace.c.\n (CVE-2017-18595)\n\n - Improper invalidation for page table updates by a\n virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to\n potentially enable denial of service of the host system\n via local access. (CVE-2018-12207)\n\n - An issue was discovered in the Linux kernel before 4.20.\n There is a race condition in smp_task_timedout() and\n smp_task_done() in drivers/scsi/libsas/sas_expander.c,\n leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In create_qp_common in\n drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp\n was never initialized, resulting in a leak of stack\n memory to userspace. (CVE-2018-20855)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the\n Linux kernel before 4.18. A use after free exists,\n related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - In the tun subsystem in the Linux kernel before 4.13.14,\n dev_get_valid_name is not called before\n register_netdevice. This allows local users to cause a\n denial of service (NULL pointer dereference and panic)\n via an ioctl(TUNSETIFF) call with a dev name containing\n a / character. This is similar to CVE-2013-4343.\n (CVE-2018-7191)\n\n - Insufficient access control in subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families; Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100\n Processor Families may allow an authenticated user to\n potentially enable denial of service via local access.\n (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families; Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and\n E-2200 Processor Families; Intel(R) Graphics Driver for\n Windows before 26.20.100.6813 (DCH) or 26.20.100.6812\n and before 21.20.x.5077 (aka15.45.5077), i915 Linux\n Driver for Intel(R) Processor Graphics before versions\n 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount\n reference count overflow, with resultant use-after-free\n issues, if about 140 GiB of RAM exists. This is related\n to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h,\n kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests. (CVE-2019-11487)\n\n - The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c in the Linux kernel before\n 5.0.15 allows a local user to obtain potentially\n sensitive information from kernel stack memory via a\n HIDPCONNADD command, because a name field may not end\n with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in\n drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c in the Linux kernel\n through 5.1.5. There is an unchecked kstrdup of fwstr,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a\n vulnerability because kstrdup() returning NULL is\n handled sufficiently and there is no chance for a NULL\n pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. There is a use-after-free caused by a malicious\n USB device in the drivers/media/usb/dvb-usb/dvb-usb-\n init.c driver. (CVE-2019-15213)\n\n - An issue was discovered in xfs_setattr_nonsize in\n fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS\n partially wedges when a chgrp fails on account of being\n out of disk quota. xfs_setattr_nonsize is failing to\n unlock the ILOCK after the xfs_qm_vop_chown_reserve call\n fails. This is primarily a local DoS attack vector, but\n it might result as well in remote DoS if the XFS\n filesystem is exported for instance via NFS.\n (CVE-2019-15538)\n\n - In the Linux kernel before 5.1.13, there is a memory\n leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and\n denial of service. (CVE-2019-15807)\n\n - An issue was discovered in the Linux kernel before\n 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core/net-sysfs.c, which\n will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. The 9p filesystem did not protect i_size_write()\n properly, which causes an i_size_read() infinite loop\n and denial of service on SMP systems. (CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance. (CVE-2019-17075)\n\n - The SCTP socket buffer used by a userspace application\n is not accounted by the cgroups subsystem. An attacker\n can use this flaw to cause a denial of service attack.\n Kernel 3.10.x and 4.18.x branches are believed to be\n vulnerable. (CVE-2019-3874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0266\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:37:13", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5644 advisory.\n\n - The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a software IO TLB printk call.\n (CVE-2018-5953)\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. (CVE-2019-18806)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5644)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5953", "CVE-2019-18806"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.44.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.44.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5644.NASL", "href": "https://www.tenable.com/plugins/nessus/135432", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5644.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135432);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2018-5953\", \"CVE-2019-18806\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5644)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5644 advisory.\n\n - The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to\n obtain sensitive address information by reading dmesg data from a software IO TLB printk call.\n (CVE-2018-5953)\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the\n Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by\n triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. (CVE-2019-18806)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5644.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5953\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.44.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.44.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.44.1.el6uek', '3.8.13-118.44.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5644');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.44.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.44.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.44.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.44.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.44.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.44.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.44.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.44.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.44.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.44.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.44.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.44.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.44.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.44.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.44.1.el6uek / dtrace-modules-3.8.13-118.44.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-10T14:55:36", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5656 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-22T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:5656)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-19046", "CVE-2019-19447", "CVE-2019-20636", "CVE-2019-9454", "CVE-2020-12770"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_eus:7.6:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-5656.NASL", "href": "https://www.tenable.com/plugins/nessus/144554", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5656. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144554);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2018-20836\",\n \"CVE-2019-9454\",\n \"CVE-2019-19046\",\n \"CVE-2019-19447\",\n \"CVE-2019-20636\",\n \"CVE-2020-12770\"\n );\n script_bugtraq_id(108196);\n script_xref(name:\"RHSA\", value:\"2020:5656\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:5656)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5656 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c\n leads to use-after-free (CVE-2018-20836)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1818818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 362, 400, 401, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-18551', 'CVE-2018-20836', 'CVE-2019-9454', 'CVE-2019-19046', 'CVE-2019-19447', 'CVE-2019-20636', 'CVE-2020-12770');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:5656');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.65.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T14:46:54", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2522 advisory.\n\n - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)\n\n - kernel: brcmfmac frame validation bypass (CVE-2019-9503)\n\n - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-06-11T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:2522)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18595", "CVE-2018-20169", "CVE-2018-7191", "CVE-2019-10639", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-14283", "CVE-2019-15916", "CVE-2019-19768", "CVE-2019-3901", "CVE-2019-9503", "CVE-2020-10711"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-2522.NASL", "href": "https://www.tenable.com/plugins/nessus/137363", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2522. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137363);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2017-18595\",\n \"CVE-2018-7191\",\n \"CVE-2018-20169\",\n \"CVE-2019-3901\",\n \"CVE-2019-9503\",\n \"CVE-2019-10639\",\n \"CVE-2019-12382\",\n \"CVE-2019-13233\",\n \"CVE-2019-14283\",\n \"CVE-2019-15916\",\n \"CVE-2019-19768\",\n \"CVE-2020-10711\"\n );\n script_bugtraq_id(\n 89937,\n 108011,\n 108380,\n 108474,\n 109055\n );\n script_xref(name:\"RHSA\", value:\"2020:2522\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:2522)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2522 advisory.\n\n - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c\n (CVE-2017-18595)\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)\n\n - kernel: brcmfmac frame validation bypass (CVE-2019-9503)\n\n - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause\n kernel panic (CVE-2020-10711)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-7191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1660385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1715554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1716328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1727756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1729933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1750813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 125, 190, 200, 253, 362, 400, 416, 476, 667, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-18595', 'CVE-2018-7191', 'CVE-2018-20169', 'CVE-2019-3901', 'CVE-2019-9503', 'CVE-2019-10639', 'CVE-2019-12382', 'CVE-2019-13233', 'CVE-2019-14283', 'CVE-2019-15916', 'CVE-2019-19768', 'CVE-2020-10711');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:2522');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.26.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:15:50", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An issue was discovered in the Linux kernel before 5.2.3.\n There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.(CVE-2019-15215)An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An issue was discovered in the Linux kernel before 5.2.3.\n There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090)In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers.\n At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.(CVE-2019-15030)In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.(CVE-2019-15031)An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring-i1/4zfirst' and 'ring-i1/4zlast' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.(CVE-2019-14835)An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15922)An issue was discovered in the Linux kernel before 5.0.10.\n SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-15918)An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15923)An issue was discovered in the Linux kernel before 5.0.11.\n fm10k_init_module in drivers et/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.(CVE-2019-15924)An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)par se_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.(CVE-2019-15117)In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14284)In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2081)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13648", "CVE-2019-14284", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15030", "CVE-2019-15031", "CVE-2019-15090", "CVE-2019-15117", "CVE-2019-15212", "CVE-2019-15213", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15918", "CVE-2019-15922", "CVE-2019-15923", "CVE-2019-15924", "CVE-2019-15926"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2081.NASL", "href": "https://www.tenable.com/plugins/nessus/129440", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129440);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13648\",\n \"CVE-2019-14284\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15030\",\n \"CVE-2019-15031\",\n \"CVE-2019-15090\",\n \"CVE-2019-15117\",\n \"CVE-2019-15212\",\n \"CVE-2019-15213\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15918\",\n \"CVE-2019-15922\",\n \"CVE-2019-15923\",\n \"CVE-2019-15924\",\n \"CVE-2019-15926\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2081)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An issue was discovered in\n the Linux kernel before 5.1.8. There is a double-free\n caused by a malicious USB device in the\n drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An\n issue was discovered in the Linux kernel before 5.2.3.\n There is a use-after-free caused by a malicious USB\n device in the drivers/media/usb/dvb-usb/dvb-usb-init.c\n driver.(CVE-2019-15213)An issue was discovered in the\n Linux kernel before 5.2.6. There is a use-after-free\n caused by a malicious USB device in the\n drivers/media/usb/cpia2/cpia2_usb.c\n driver.(CVE-2019-15215)An issue was discovered in the\n Linux kernel before 5.0.14. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An\n issue was discovered in the Linux kernel before 5.2.3.\n There is a NULL pointer dereference caused by a\n malicious USB device in the\n drivers/media/usb/zr364xx/zr364xx.c\n driver.(CVE-2019-15217)An issue was discovered in\n drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before\n 5.1.12. In the qedi_dbg_* family of functions, there is\n an out-of-bounds read.(CVE-2019-15090)In the Linux\n kernel through 5.2.14 on the powerpc platform, a local\n user can read vector registers of other users'\n processes via a Facility Unavailable exception. To\n exploit the venerability, a local user starts a\n transaction (via the hardware transactional memory\n instruction tbegin) and then accesses vector registers.\n At some point, the vector registers will be corrupted\n with the values from a different local Linux process\n because of a missing arch/powerpc/kernel/process.c\n check.(CVE-2019-15030)In the Linux kernel through\n 5.2.14 on the powerpc platform, a local user can read\n vector registers of other users' processes via an\n interrupt. To exploit the venerability, a local user\n starts a transaction (via the hardware transactional\n memory instruction tbegin) and then accesses vector\n registers. At some point, the vector registers will be\n corrupted with the values from a different local Linux\n process, because MSR_TM_ACTIVE is misused in\n arch/powerpc/kernel/process.c.(CVE-2019-15031)An\n out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring-i1/4zfirst' and 'ring-i1/4zlast' value could\n be supplied by a host user-space process. An\n unprivileged host user or process with access to\n '/dev/kvm' device could use this flaw to crash the host\n kernel, resulting in a denial of service or potentially\n escalating privileges on the system.(CVE-2019-14821)A\n buffer overflow flaw was found, in versions from 2.6.34\n to 5.2.x, in the way Linux kernel's vhost functionality\n that translates virtqueue buffers to IOVs, logged the\n buffer descriptors during migration. A privileged guest\n user able to pass descriptors with invalid length to\n the host when migration is underway, could use this\n flaw to increase their privileges on the\n host.(CVE-2019-14835)An issue was discovered in the\n Linux kernel before 5.0.9. There is a NULL pointer\n dereference for a pf data structure if alloc_disk fails\n in drivers/block/paride/pf.c.(CVE-2019-15922)An issue\n was discovered in the Linux kernel before 5.0.10.\n SMB2_negotiate in fs/cifs/smb2pdu.c has an\n out-of-bounds read because data structures are\n incompletely updated after a change from smb30 to\n smb21.(CVE-2019-15918)An issue was discovered in the\n Linux kernel before 5.0.9. There is a NULL pointer\n dereference for a cd data structure if alloc_disk fails\n in drivers/block/paride/pf.c.(CVE-2019-15923)An issue\n was discovered in the Linux kernel before 5.0.11.\n fm10k_init_module in drivers\n et/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer\n dereference because there is no -ENOMEM upon an\n alloc_workqueue failure.(CVE-2019-15924)An issue was\n discovered in the Linux kernel before 5.2.3. Out of\n bounds access exists in the functions\n ath6kl_wmi_pstream_timeout_event_rx and\n ath6kl_wmi_cac_event_rx in the file\n driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)par\n se_audio_mixer_unit in sound/usb/mixer.c in the Linux\n kernel through 5.2.9 mishandles a short descriptor,\n leading to out-of-bounds memory\n access.(CVE-2019-15117)In the Linux kernel before\n 5.2.3, drivers/block/floppy.c allows a denial of\n service by setup_format_params division-by-zero. Two\n consecutive ioctls can trigger the bug: the first one\n should set the drive geometry with .sect and .rate\n values that make F_SECT_PER_TRACK be zero. Next, the\n floppy format operation should be called. It can be\n triggered by an unprivileged local user even when a\n floppy disk has not been inserted. NOTE: QEMU creates\n the floppy device by default.(CVE-2019-14284)In the\n Linux kernel through 5.2.1 on the powerpc platform,\n when hardware transactional memory is disabled, a local\n user can cause a denial of service (TM Bad Thing\n exception and system crash) via a sigreturn() system\n call that sends a crafted signal frame. This affects\n arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2081\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?06ead936\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h453.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}}, {"lastseen": "2023-02-05T15:24:16", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)\n\n - An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.(CVE-2019-15215)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)\n\n - An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090)\n\n - An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15923)\n\n - An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-15918)\n\n - An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15922)\n\n - An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)\n\n - An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.(CVE-2019-15924)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.(CVE-2019-14835)\n\n - In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.(CVE-2019-15031)\n\n - In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.(CVE-2019-15030)\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14816)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-14815)\n\n - There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14814)\n\n - drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15099)\n\n - drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15098)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.3.0 : kernel (EulerOS-SA-2019-2309)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14835", "CVE-2019-15030", "CVE-2019-15031", "CVE-2019-15090", "CVE-2019-15098", "CVE-2019-15099", "CVE-2019-15212", "CVE-2019-15213", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15918", "CVE-2019-15922", "CVE-2019-15923", "CVE-2019-15924", "CVE-2019-15926"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:3.0.3.0"], "id": "EULEROS_SA-2019-2309.NASL", "href": "https://www.tenable.com/plugins/nessus/131474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131474);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-14814\",\n \"CVE-2019-14815\",\n \"CVE-2019-14816\",\n \"CVE-2019-14835\",\n \"CVE-2019-15030\",\n \"CVE-2019-15031\",\n \"CVE-2019-15090\",\n \"CVE-2019-15098\",\n \"CVE-2019-15099\",\n \"CVE-2019-15212\",\n \"CVE-2019-15213\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15918\",\n \"CVE-2019-15922\",\n \"CVE-2019-15923\",\n \"CVE-2019-15924\",\n \"CVE-2019-15926\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.3.0 : kernel (EulerOS-SA-2019-2309)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. There is a use-after-free caused by a malicious\n USB device in the\n drivers/media/usb/dvb-usb/dvb-usb-init.c\n driver.(CVE-2019-15213)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. There is a use-after-free caused by a malicious\n USB device in the drivers/media/usb/cpia2/cpia2_usb.c\n driver.(CVE-2019-15215)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the\n drivers/media/usb/zr364xx/zr364xx.c\n driver.(CVE-2019-15217)\n\n - An issue was discovered in the Linux kernel before\n 5.1.8. There is a double-free caused by a malicious USB\n device in the drivers/usb/misc/rio500.c\n driver.(CVE-2019-15212)\n\n - An issue was discovered in the Linux kernel before\n 5.0.14. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/usb/misc/yurex.c\n driver.(CVE-2019-15216)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c\n in the Linux kernel before 5.1.12. In the qedi_dbg_*\n family of functions, there is an out-of-bounds\n read.(CVE-2019-15090)\n\n - An issue was discovered in the Linux kernel before\n 5.0.9. There is a NULL pointer dereference for a cd\n data structure if alloc_disk fails in\n drivers/block/paride/pf.c.(CVE-2019-15923)\n\n - An issue was discovered in the Linux kernel before\n 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an\n out-of-bounds read because data structures are\n incompletely updated after a change from smb30 to\n smb21.(CVE-2019-15918)\n\n - An issue was discovered in the Linux kernel before\n 5.0.9. There is a NULL pointer dereference for a pf\n data structure if alloc_disk fails in\n drivers/block/paride/pf.c.(CVE-2019-15922)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. Out of bounds access exists in the functions\n ath6kl_wmi_pstream_timeout_event_rx and\n ath6kl_wmi_cac_event_rx in the file\n drivers/net/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)\n\n - An issue was discovered in the Linux kernel before\n 5.0.11. fm10k_init_module in\n drivers/net/ethernet/intel/fm10k/fm10k_main.c has a\n NULL pointer dereference because there is no -ENOMEM\n upon an alloc_workqueue failure.(CVE-2019-15924)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to\n IOVs, logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host.(CVE-2019-14835)\n\n - In the Linux kernel through 5.2.14 on the powerpc\n platform, a local user can read vector registers of\n other users' processes via an interrupt. To exploit the\n venerability, a local user starts a transaction (via\n the hardware transactional memory instruction tbegin)\n and then accesses vector registers. At some point, the\n vector registers will be corrupted with the values from\n a different local Linux process, because MSR_TM_ACTIVE\n is misused in\n arch/powerpc/kernel/process.c.(CVE-2019-15031)\n\n - In the Linux kernel through 5.2.14 on the powerpc\n platform, a local user can read vector registers of\n other users' processes via a Facility Unavailable\n exception. To exploit the venerability, a local user\n starts a transaction (via the hardware transactional\n memory instruction tbegin) and then accesses vector\n registers. At some point, the vector registers will be\n corrupted with the values from a different local Linux\n process because of a missing\n arch/powerpc/kernel/process.c check.(CVE-2019-15030)\n\n - There is heap-based buffer overflow in kernel, all\n versions up to, excluding 5.3, in the marvell wifi chip\n driver in Linux kernel, that allows local users to\n cause a denial of service(system crash) or possibly\n execute arbitrary code.(CVE-2019-14816)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14815)\n\n - There is heap-based buffer overflow in Linux kernel,\n all versions up to, excluding 5.3, in the marvell wifi\n chip driver in Linux kernel, that allows local users to\n cause a denial of service(system crash) or possibly\n execute arbitrary code.(CVE-2019-14814)\n\n - drivers/net/wireless/ath/ath10k/usb.c in the Linux\n kernel through 5.2.8 has a NULL pointer dereference via\n an incomplete address in an endpoint\n descriptor.(CVE-2019-15099)\n\n - drivers/net/wireless/ath/ath6kl/usb.c in the Linux\n kernel through 5.2.9 has a NULL pointer dereference via\n an incomplete address in an endpoint\n descriptor.(CVE-2019-15098)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2309\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?03aaa4ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.3.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.3.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.3.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h463.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}}, {"lastseen": "2023-01-30T14:40:47", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180)A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.(CVE-2019-14901)A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.(CVE-2019-14896)A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/ net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/ net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.(CVE-2019-19045)A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.(CVE-2019-14897)An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.(CVE-2019-19332)Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.(CVE-2018-12207)In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9458)In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.(CVE-2019-19227)In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in\n __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c,\n __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.(CVE-2019-19813)In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768)In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.(CVE-2019-20054)In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/ net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/ net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.(CVE-2019-19534)In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/ net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.(CVE-2019-19525)Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families Intel(R) Pentium(R) Processor J, N, Silver and Gold Series Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series Intel(R) Atom(R) Processor A and E3900 Series Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2019-0155)Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2019-11085)kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel it only causes mismanagement of application execution.)(CVE-2019-19922)The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.(CVE-2016-2085)The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a 'pages/cpu' printk call.(CVE-2018-5995)TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.(CVE-2019-11135)An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.(CVE-2017-18549)An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.(CVE-2017-18550)In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.(CVE-2018-7273)A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2019-14895)The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.(CVE-2019-18660)In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.(CVE-2019-19447)In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.(CVE-2019-19966)An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.(CVE-2019-5108)mwifiex_tm_cmd in drivers/ net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.(CVE-2019-20095)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3180", "CVE-2016-2085", "CVE-2017-18549", "CVE-2017-18550", "CVE-2018-12207", "CVE-2018-5995", "CVE-2018-7273", "CVE-2019-0155", "CVE-2019-11085", "CVE-2019-11135", "CVE-2019-14895", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-14901", "CVE-2019-18660", "CVE-2019-19045", "CVE-2019-19078", "CVE-2019-19227", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19525", "CVE-2019-19534", "CVE-2019-19536", "CVE-2019-19768", "CVE-2019-19813", "CVE-2019-19922", "CVE-2019-19965", "CVE-2019-19966", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-5108", "CVE-2019-9458"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1112.NASL", "href": "https://www.tenable.com/plugins/nessus/133913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133913);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-3180\",\n \"CVE-2016-2085\",\n \"CVE-2017-18549\",\n \"CVE-2017-18550\",\n \"CVE-2018-12207\",\n \"CVE-2018-5995\",\n \"CVE-2018-7273\",\n \"CVE-2019-0155\",\n \"CVE-2019-11085\",\n \"CVE-2019-11135\",\n \"CVE-2019-14895\",\n \"CVE-2019-14896\",\n \"CVE-2019-14897\",\n \"CVE-2019-14901\",\n \"CVE-2019-18660\",\n \"CVE-2019-19045\",\n \"CVE-2019-19078\",\n \"CVE-2019-19227\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19525\",\n \"CVE-2019-19534\",\n \"CVE-2019-19536\",\n \"CVE-2019-19768\",\n \"CVE-2019-19813\",\n \"CVE-2019-19922\",\n \"CVE-2019-19965\",\n \"CVE-2019-19966\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\",\n \"CVE-2019-5108\",\n \"CVE-2019-9458\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):** DISPUTED ** In\n kernel/compat.c in the Linux kernel before 3.17, as\n used in Google Chrome OS and other products, there is a\n possible out-of-bounds read. restart_syscall uses\n uninitialized data when restarting\n compat_sys_nanosleep. NOTE: this is disputed because\n the code path is unreachable.(CVE-2014-3180)A heap\n overflow flaw was found in the Linux kernel, all\n versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi\n chip driver. The vulnerability allows a remote attacker\n to cause a system crash, resulting in a denial of\n service, or execute arbitrary code. The highest threat\n with this vulnerability is with the availability of the\n system. If code execution occurs, the code will run\n with the permissions of root. This will affect both\n confidentiality and integrity of files on the\n system.(CVE-2019-14901)A heap-based buffer overflow\n vulnerability was found in the Linux kernel, version\n kernel-2.6.32, in Marvell WiFi chip driver. A remote\n attacker could cause a denial of service (system crash)\n or, possibly execute arbitrary code, when the\n lbs_ibss_join_existing function is called after a STA\n connects to an AP.(CVE-2019-14896)A memory leak in the\n ath10k_usb_hif_tx_sg() function in drivers/\n net/wireless/ath/ath10k/usb.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the\n mlx5_fpga_conn_create_cq() function in drivers/\n net/ethernet/mellanox/mlx5/core/fpga/conn.c in the\n Linux kernel before 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n mlx5_vector2eqn() failures, aka\n CID-c8c2a057fdc7.(CVE-2019-19045)A stack-based buffer\n overflow was found in the Linux kernel, version\n kernel-2.6.32, in Marvell WiFi chip driver. An attacker\n is able to cause a denial of service (system crash) or,\n possibly execute arbitrary code, when a STA works in\n IBSS mode (allows connecting stations together without\n the use of an AP) and connects to another\n STA.(CVE-2019-14897)An out-of-bounds memory write issue\n was found in the Linux Kernel, version 3.13 through\n 5.4, in the way the Linux kernel's KVM hypervisor\n handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request\n to get CPUID features emulated by the KVM hypervisor. A\n user or process able to access the '/dev/kvm' device\n could use this flaw to crash the system, resulting in a\n denial of service.(CVE-2019-19332)Improper invalidation\n for page table updates by a virtual guest operating\n system for multiple Intel(R) Processors may allow an\n authenticated user to potentially enable denial of\n service of the host system via local\n access.(CVE-2018-12207)In the Android kernel in the\n video driver there is a use after free due to a race\n condition. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.(CVE-2019-9458)In the AppleTalk subsystem\n in the Linux kernel before 5.1, there is a potential\n NULL pointer dereference because register_snap_client\n may return NULL. This will lead to denial of service in\n net/appletalk/aarp.c and net/appletalk/ddp.c, as\n demonstrated by unregister_snap_client, aka\n CID-9804501fa122.(CVE-2019-19227)In the Linux kernel\n 5.0.21, mounting a crafted btrfs filesystem image,\n performing some operations, and then making a syncfs\n system call can lead to a use-after-free in\n __mutex_lock in kernel/locking/mutex.c. This is related\n to mutex_can_spin_on_owner in kernel/locking/mutex.c,\n __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and\n btrfs_insert_delayed_items in\n fs/btrfs/delayed-inode.c.(CVE-2019-19813)In the Linux\n kernel 5.4.0-rc2, there is a use-after-free (read) in\n the __blk_add_trace function in kernel/trace/blktrace.c\n (which is used to fill out a blk_io_trace structure and\n place it in a per-cpu sub-buffer).(CVE-2019-19768)In\n the Linux kernel before 5.0.6, there is a NULL pointer\n dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka\n CID-23da9588037e.(CVE-2019-20054)In the Linux kernel\n before 5.2.9, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers/\n net/can/usb/peak_usb/pcan_usb_pro.c driver, aka\n CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel\n before 5.3.11, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers/\n net/can/usb/peak_usb/pcan_usb_core.c driver, aka\n CID-f7a1337f0d29.(CVE-2019-19534)In the Linux kernel\n before 5.3.6, there is a use-after-free bug that can be\n caused by a malicious USB device in the drivers/\n net/ieee802154/atusb.c driver, aka\n CID-7fd25e6fc035.(CVE-2019-19525)Insufficient access\n control in a subsystem for Intel (R) processor graphics\n in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM)\n Processor Families Intel(R) Pentium(R) Processor J, N,\n Silver and Gold Series Intel(R) Celeron(R) Processor J,\n N, G3900 and G4900 Series Intel(R) Atom(R) Processor A\n and E3900 Series Intel(R) Xeon(R) Processor E3-1500 v5\n and v6, E-2100 and E-2200 Processor Families Intel(R)\n Graphics Driver for Windows before 26.20.100.6813 (DCH)\n or 26.20.100.6812 and before 21.20.x.5077\n (aka15.45.5077), i915 Linux Driver for Intel(R)\n Processor Graphics before versions 5.4-rc7, 5.3.11,\n 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an\n authenticated user to potentially enable escalation of\n privilege via local access.(CVE-2019-0155)Insufficient\n input validation in Kernel Mode Driver in Intel(R) i915\n Graphics for Linux before version 5.0 may allow an\n authenticated user to potentially enable escalation of\n privilege via local\n access.(CVE-2019-11085)kernel/sched/fair.c in the Linux\n kernel before 5.3.9, when cpu.cfs_quota_us is used\n (e.g., with Kubernetes), allows attackers to cause a\n denial of service against non-cpu-bound applications by\n generating a workload that triggers unwanted slice\n expiration, aka CID-de53fd7aedb1. (In other words,\n although this slice expiration would typically be seen\n with benign workloads, it is possible that an attacker\n could calculate how many stray requests are required to\n force an entire Kubernetes cluster into a\n low-performance state caused by slice expiration, and\n ensure that a DDoS attack sent that number of stray\n requests. An attack does not affect the stability of\n the kernel it only causes mismanagement of application\n execution.)(CVE-2019-19922)The evm_verify_hmac function\n in security/integrity/evm/evm_main.c in the Linux\n kernel before 4.5 does not properly copy data, which\n makes it easier for local users to forge MAC values via\n a timing side-channel attack.(CVE-2016-2085)The\n pcpu_embed_first_chunk function in mm/percpu.c in the\n Linux kernel through 4.14.14 allows local users to\n obtain sensitive address information by reading dmesg\n data from a 'pages/cpu' printk call.(CVE-2018-5995)TSX\n Asynchronous Abort condition on some CPUs utilizing\n speculative execution may allow an authenticated user\n to potentially enable information disclosure via a side\n channel with local access.(CVE-2019-11135)An issue was\n discovered in drivers/scsi/aacraid/commctrl.c in the\n Linux kernel before 4.13. There is potential exposure\n of kernel stack memory because aac_send_raw_srb does\n not initialize the reply structure.(CVE-2017-18549)An\n issue was discovered in drivers/scsi/aacraid/commctrl.c\n in the Linux kernel before 4.13. There is potential\n exposure of kernel stack memory because\n aac_get_hba_info does not initialize the hbainfo\n structure.(CVE-2017-18550)In the Linux kernel through\n 4.15.4, the floppy driver reveals the addresses of\n kernel functions and global variables using printk\n calls within the function show_floppy in\n drivers/block/floppy.c. An attacker can read this\n information from dmesg and use the addresses to find\n the locations of kernel code and data and bypass kernel\n security protections such as KASLR.(CVE-2018-7273)A\n heap-based buffer overflow was discovered in the Linux\n kernel, all versions 3.x.x and 4.x.x before 4.18.0, in\n Marvell WiFi chip driver. The flaw could occur when the\n station attempts a connection negotiation during the\n handling of the remote devices country settings. This\n could allow the remote device to cause a denial of\n service (system crash) or possibly execute arbitrary\n code.(CVE-2019-14895)The Linux kernel before 5.4.1 on\n powerpc allows Information Exposure because the\n Spectre-RSB mitigation is not in place for all\n applicable CPUs, aka CID-39e72bf96f58. This is related\n to arch/powerpc/kernel/entry_64.S and\n arch/powerpc/kernel/security.c.(CVE-2019-18660)In the\n Linux kernel 5.0.21, mounting a crafted ext4 filesystem\n image, performing some operations, and unmounting can\n lead to a use-after-free in ext4_put_super in\n fs/ext4/super.c, related to dump_orphan_list in\n fs/ext4/super.c.(CVE-2019-19447)In the Linux kernel\n through 5.4.6, there is a NULL pointer dereference in\n drivers/scsi/libsas/sas_discover.c because of\n mishandling of port disconnection during discovery,\n related to a PHY down race condition, aka\n CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel\n before 5.1.6, there is a use-after-free in cpia2_exit()\n in drivers/media/usb/cpia2/cpia2_v4l.c that will cause\n denial of service, aka\n CID-dea37a972655.(CVE-2019-19966)An exploitable\n denial-of-service vulnerability exists in the Linux\n kernel prior to mainline 5.3. An attacker could exploit\n this vulnerability by triggering AP to send IAPP\n location updates for stations before the required\n authentication process has completed. This could lead\n to different denial-of-service scenarios, either by\n causing CAM table attacks, or by leading to traffic\n flapping if faking already existing clients in other\n nearby APs of the same wireless infrastructure. An\n attacker can forge Authentication and Association\n Request packets to trigger this\n vulnerability.(CVE-2019-5108)mwifiex_tm_cmd in drivers/\n net/wireless/marvell/mwifiex/cfg80211.c in the Linux\n kernel before 5.1.6 has some error-handling cases that\n did not free allocated hostcmd memory, aka\n CID-003b686ace82. This will cause a memory leak and\n denial of service.(CVE-2019-20095)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1112\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51adc7d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h408.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h408.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h408.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h408.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h408.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h408.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h408.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:47:40", "description": "An update of {'linux', 'linux-esx', 'linux-aws', 'linux-secure'} packages of Photon OS has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "Photon OS 2.0 : linux / linux-esx / linux-aws / linux-secure (PhotonOS-PHSA-2018-2.0-0042) (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18255", "CVE-2018-1000026"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0042.NASL", "href": "https://www.tenable.com/plugins/nessus/111301", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0042. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111301);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2017-18255\", \"CVE-2018-1000026\");\n script_bugtraq_id(103607);\n\n script_name(english:\"Photon OS 2.0 : linux / linux-esx / linux-aws / linux-secure (PhotonOS-PHSA-2018-2.0-0042) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of {'linux', 'linux-esx', 'linux-aws', 'linux-secure'}\npackages of Photon OS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-42\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?53790dbb\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000026\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.9.97-3.ph2\",\n \"linux-aws-4.9.97-3.ph2\",\n \"linux-aws-4.9.97-3.ph2\",\n \"linux-aws-debuginfo-4.9.97-3.ph2\",\n \"linux-aws-debuginfo-4.9.97-3.ph2\",\n \"linux-aws-devel-4.9.97-3.ph2\",\n \"linux-aws-devel-4.9.97-3.ph2\",\n \"linux-aws-docs-4.9.97-3.ph2\",\n \"linux-aws-docs-4.9.97-3.ph2\",\n \"linux-aws-drivers-gpu-4.9.97-3.ph2\",\n \"linux-aws-drivers-gpu-4.9.97-3.ph2\",\n \"linux-aws-oprofile-4.9.97-3.ph2\",\n \"linux-aws-oprofile-4.9.97-3.ph2\",\n \"linux-aws-sound-4.9.97-3.ph2\",\n \"linux-aws-sound-4.9.97-3.ph2\",\n \"linux-aws-tools-4.9.97-3.ph2\",\n \"linux-aws-tools-4.9.97-3.ph2\",\n \"linux-debuginfo-4.9.97-3.ph2\",\n \"linux-devel-4.9.97-3.ph2\",\n \"linux-docs-4.9.97-3.ph2\",\n \"linux-drivers-gpu-4.9.97-3.ph2\",\n \"linux-esx-4.9.97-3.ph2\",\n \"linux-esx-4.9.97-3.ph2\",\n \"linux-esx-debuginfo-4.9.97-3.ph2\",\n \"linux-esx-debuginfo-4.9.97-3.ph2\",\n \"linux-esx-devel-4.9.97-3.ph2\",\n \"linux-esx-devel-4.9.97-3.ph2\",\n \"linux-esx-docs-4.9.97-3.ph2\",\n \"linux-esx-docs-4.9.97-3.ph2\",\n \"linux-oprofile-4.9.97-3.ph2\",\n \"linux-secure-4.9.97-3.ph2\",\n \"linux-secure-4.9.97-3.ph2\",\n \"linux-secure-debuginfo-4.9.97-3.ph2\",\n \"linux-secure-debuginfo-4.9.97-3.ph2\",\n \"linux-secure-devel-4.9.97-3.ph2\",\n \"linux-secure-devel-4.9.97-3.ph2\",\n \"linux-secure-docs-4.9.97-3.ph2\",\n \"linux-secure-docs-4.9.97-3.ph2\",\n \"linux-secure-lkcm-4.9.97-3.ph2\",\n \"linux-secure-lkcm-4.9.97-3.ph2\",\n \"linux-sound-4.9.97-3.ph2\",\n \"linux-tools-4.9.97-3.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:48:52", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2018-2.0-0042", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18255", "CVE-2018-1000026"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0042_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121944", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0042. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121944);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-18255\", \"CVE-2018-1000026\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2018-2.0-0042\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-42.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18255\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-tools-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.97-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.97-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-03-26T15:16:31", "description": "Update to v5.1.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-13T00:00:00", "type": "nessus", "title": "Fedora 30 : kernel / kernel-headers (2019-c03eda3cc6)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12456", "CVE-2019-12614"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-C03EDA3CC6.NASL", "href": "https://www.tenable.com/plugins/nessus/125865", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-c03eda3cc6.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125865);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-12456\", \"CVE-2019-12614\");\n script_xref(name:\"FEDORA\", value:\"2019-c03eda3cc6\");\n\n script_name(english:\"Fedora 30 : kernel / kernel-headers (2019-c03eda3cc6)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to v5.1.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c03eda3cc6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12456\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-12456\", \"CVE-2019-12614\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-c03eda3cc6\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kernel-5.1.8-300.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"kernel-headers-5.1.8-300.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:56", "description": "[4.1.12-124.35.1]\n- ixgbe: protect TX timestamping from API misuse (Manjunath Patil) [Orabug: 30275491] \n- block: init flush rq ref count to 1 (Josef Bacik) [Orabug: 30360559] \n- block: fix null pointer dereference in blk_mq_rq_timed_out() (Yufen Yu) [Orabug: 30360559] \n- blk-mq: Remove generation seqeunce (Keith Busch) [Orabug: 30360559] \n- scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580687] {CVE-2019-15807}\n- scsi: qla2xxx: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 30618784] {CVE-2019-16233}\n- printk: Default console logging level should be set to 4 (Boris Ostrovsky) [Orabug: 30657070]\n[4.1.12-124.34.2]\n- scsi: lpfc: Remove lpfc_enable_pbde as module parameter (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Make PBDE optimizations configurable (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Update driver version to 11.4.0.8 and Copyright updates (Ketan Mukadam) [Orabug: 30569875] \n- scsi: lpfc: Fix ELS abort on SLI-3 adapters (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Correct race with abort on completion path (James Smart) [Orabug: 30569875] \n- scsi: lpfc: update manufacturer attribute to reflect Broadcom (James Smart) [Orabug: 30569875] [Orabug: 29212758] \n- scsi: lpfc: Enable Management features for IF_TYPE=6 (James Smart) [Orabug: 30569875] [Orabug: 29212758] \n- scsi: lpfc: Correct topology type reporting on G7 adapters (James Smart) [Orabug: 30569875] [Orabug: 29212758] \n- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Enhance log messages when reporting CQE errors (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Fix frequency of Release WQE CQEs (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Code cleanup for 128byte wqe data type (James Smart) [Orabug: 30569875] \n- scsi: lpfc: use __raw_writeX on DPP copies (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Add embedded data pointers for enhanced performance (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Enable fw download on if_type=6 devices (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Add if_type=6 support for cycling valid bits (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Add 64G link speed support (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Add PCI Ids for if_type=6 hardware (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Add push-to-adapter support to sli4 (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Add SLI-4 if_type=6 support to the code base (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Rework sli4 doorbell infrastructure (James Smart) [Orabug: 30569875] \n- scsi: lpfc: Rework lpfc to allow different sli4 cq and eq handlers (James Smart) [Orabug: 30569875] \n- x86/bugs: use check_bugs instead of microcode_late_select_mitigation (Mihai Carabas) [Orabug: 30332499] \n- x86/bugs: spec_ctrl_mutex taken in stop_machine context (Mihai Carabas) [Orabug: 30332499] \n- x86/microcode: moved cpu feature late eval to stop_machine (Mihai Carabas) [Orabug: 30332499] \n- x86/cpu: Re-apply forced caps every time CPU caps are re-read (Andy Lutomirski) [Orabug: 30332499] \n- x86/microcode/intel: Check microcode revision before updating sibling threads (Ashok Raj) [Orabug: 30332499] \n- tracing: Fix possible double free on failure of allocating trace buffer (Steven Rostedt (VMware)) [Orabug: 30633873] {CVE-2017-18595}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-01-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18595", "CVE-2019-15807", "CVE-2019-16233"], "modified": "2020-01-09T00:00:00", "id": "ELSA-2020-5508", "href": "http://linux.oracle.com/errata/ELSA-2020-5508.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:11", "description": "[2.6.39-400.321.1]\n- net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055329] {CVE-2019-18806}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18806"], "modified": "2020-04-10T00:00:00", "id": "ELSA-2020-5645", "href": "http://linux.oracle.com/errata/ELSA-2020-5645.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:24:48", "description": "[2.6.39-400.319.1]\n- net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350265] {CVE-2019-15916}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-02-11T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15916"], "modified": "2020-02-11T00:00:00", "id": "ELSA-2020-5532", "href": "http://linux.oracle.com/errata/ELSA-2020-5532.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:25:15", "description": "kernel-uek\n[3.8.13-118.44.1]\n- net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055328] {CVE-2019-18806}\n- swiotlb: clean up reporting (Kees Cook) [Orabug: 31085018] {CVE-2018-5953}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5953", "CVE-2019-18806"], "modified": "2020-04-10T00:00:00", "id": "ELSA-2020-5644", "href": "http://linux.oracle.com/errata/ELSA-2
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1452)
