{"nessus": [{"lastseen": "2023-05-18T14:29:42", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - dm: fix race between dm_get_from_kobject and\n __dm_destroy (Hou Tao) (CVE-2017-18203)\n\n - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27986407] (CVE-2018-8781)\n\n - kernel/exit.c: avoid undefined behaviour when calling wait4 wait4(-2147483648, 0x20, 0, 0xdd0000) triggers:\n UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 27875488] (CVE-2018-10087)\n\n - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) (CVE-2018-10124)\n\n - bluetooth: Validate socket address length in sco_sock_bind. (mlevatic) [Orabug: 28130293] (CVE-2015-8575)\n\n - dccp: check sk for closed state in dccp_sendmsg (Alexey Kodanev) [Orabug: 28220402] (CVE-2017-8824) (CVE-2018-1130)\n\n - sctp: verify size of a new chunk in _sctp_make_chunk (Alexey Kodanev) [Orabug: 28240075] (CVE-2018-5803)\n\n - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. 
(Chris Salls) [Orabug: 28242478] (CVE-2017-7616)\n\n - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264121] (CVE-2017-11600) (CVE-2017-11600)\n\n - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug:\n 28156176] (CVE-2018-3665)\n\n - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] (CVE-2017-17741) (CVE-2017-17741)\n\n - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug:\n 27989498] (CVE-2018-10323)\n\n - Bluetooth: Prevent stack info leak from the EFS element.\n (Ben Seri) [Orabug: 28030520] (CVE-2017-1000410) (CVE-2017-1000410)\n\n - ALSA: hrtimer: Fix stall by hrtimer_cancel (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2549)\n\n - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2547) (CVE-2016-2548)\n\n - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2545)\n\n - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2543)\n\n - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2544)\n\n - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] (CVE-2016-2384)\n\n - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] (CVE-2018-1000199)\n\n - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608]", "cvss3": {}, "published": "2018-07-12T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8575", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2017-1000410", "CVE-2017-11600", "CVE-2017-17741", "CVE-2017-18203", "CVE-2017-7616", "CVE-2017-8824", "CVE-2018-1000199", "CVE-2018-10087", "CVE-2018-10124", 
"CVE-2018-10323", "CVE-2018-1130", "CVE-2018-3665", "CVE-2018-5803", "CVE-2018-8781"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2018-0237.NASL", "href": "https://www.tenable.com/plugins/nessus/111022", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0237.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111022);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2015-8575\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2017-1000410\", \"CVE-2017-11600\", \"CVE-2017-17741\", \"CVE-2017-18203\", \"CVE-2017-7616\", \"CVE-2017-8824\", \"CVE-2018-1000199\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-10323\", \"CVE-2018-1130\", \"CVE-2018-3665\", \"CVE-2018-5803\", \"CVE-2018-8781\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - dm: fix race between dm_get_from_kobject and\n __dm_destroy (Hou Tao) (CVE-2017-18203)\n\n - drm: udl: Properly check framebuffer mmap offsets (Greg\n Kroah-Hartman) [Orabug: 27986407] (CVE-2018-8781)\n\n - kernel/exit.c: avoid undefined behaviour when calling\n wait4 wait4(-2147483648, 0x20, 0, 0xdd0000) triggers:\n UBSAN: Undefined behaviour in kernel/exit.c:1651:9\n (mridula shastry) [Orabug: 27875488] (CVE-2018-10087)\n\n - 
kernel/signal.c: avoid undefined behaviour in\n kill_something_info When running kill(72057458746458112,\n 0) in userspace I hit the following issue. (mridula\n shastry) (CVE-2018-10124)\n\n - bluetooth: Validate socket address length in\n sco_sock_bind. (mlevatic) [Orabug: 28130293]\n (CVE-2015-8575)\n\n - dccp: check sk for closed state in dccp_sendmsg (Alexey\n Kodanev) [Orabug: 28220402] (CVE-2017-8824)\n (CVE-2018-1130)\n\n - sctp: verify size of a new chunk in _sctp_make_chunk\n (Alexey Kodanev) [Orabug: 28240075] (CVE-2018-5803)\n\n - mm/mempolicy.c: fix error handling in set_mempolicy and\n mbind. (Chris Salls) [Orabug: 28242478] (CVE-2017-7616)\n\n - xfrm: policy: check policy direction value (Vladis\n Dronov) [Orabug: 28264121] (CVE-2017-11600)\n (CVE-2017-11600)\n\n - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug:\n 28156176] (CVE-2018-3665)\n\n - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng\n Li) [Orabug: 27951287] (CVE-2017-17741) (CVE-2017-17741)\n\n - xfs: set format back to extents if\n xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug:\n 27989498] (CVE-2018-10323)\n\n - Bluetooth: Prevent stack info leak from the EFS element.\n (Ben Seri) [Orabug: 28030520] (CVE-2017-1000410)\n (CVE-2017-1000410)\n\n - ALSA: hrtimer: Fix stall by hrtimer_cancel (Takashi\n Iwai) [Orabug: 28058229] (CVE-2016-2549)\n\n - ALSA: timer: Harden slave timer list handling (Takashi\n Iwai) [Orabug: 28058229] (CVE-2016-2547) (CVE-2016-2548)\n\n - ALSA: timer: Fix double unlink of active_list (Takashi\n Iwai) [Orabug: 28058229] (CVE-2016-2545)\n\n - ALSA: seq: Fix missing NULL check at remove_events ioctl\n (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2543)\n\n - ALSA: seq: Fix race at timer setup and close (Takashi\n Iwai) [Orabug: 28058229] (CVE-2016-2544)\n\n - ALSA: usb-audio: avoid freeing umidi object twice\n (Andrey Konovalov) [Orabug: 28058229] (CVE-2016-2384)\n\n - perf/hwbp: Simplify the perf-hwbp code, fix\n documentation (Linus Torvalds) 
[Orabug: 27947608]\n (CVE-2018-1000199)\n\n - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix\n documentation' (Brian Maly) [Orabug: 27947608]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000874.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.22.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.22.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:26", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4164 advisory.\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive 
information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. (CVE-2017-18203)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\n - net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. (CVE-2017-11600)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. (CVE-2018-10087)\n\n - The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. 
(CVE-2015-8575)\n\n - The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. (CVE-2018-8781)\n\n - The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. (CVE-2018-10124)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-07-11T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8575", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2017-1000410", "CVE-2017-11600", "CVE-2017-17741", "CVE-2017-18203", "CVE-2017-7616", "CVE-2017-8824", "CVE-2018-1000199", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10323", "CVE-2018-1130", "CVE-2018-3665", "CVE-2018-5803", "CVE-2018-8781"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.22.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.22.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4164.NASL", "href": "https://www.tenable.com/plugins/nessus/110998", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4164.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110998);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-8575\",\n \"CVE-2016-2384\",\n \"CVE-2016-2543\",\n \"CVE-2016-2544\",\n \"CVE-2016-2545\",\n \"CVE-2016-2547\",\n \"CVE-2016-2548\",\n \"CVE-2016-2549\",\n \"CVE-2017-7616\",\n \"CVE-2017-8824\",\n \"CVE-2017-11600\",\n \"CVE-2017-17741\",\n \"CVE-2017-18203\",\n \"CVE-2017-1000410\",\n \"CVE-2018-1130\",\n \"CVE-2018-3665\",\n \"CVE-2018-5803\",\n \"CVE-2018-8781\",\n \"CVE-2018-10087\",\n \"CVE-2018-10124\",\n \"CVE-2018-10323\",\n \"CVE-2018-1000199\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4164)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2018-4164 advisory.\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux\n kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to\n cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and\n removal of DM devices. 
(CVE-2017-18203)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be\n exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of\n certain crafted system calls. (CVE-2018-1130)\n\n - net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not\n ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to\n cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an\n XFRM_MSG_MIGRATE xfrm Netlink message. (CVE-2017-11600)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local users to cause a denial of service by triggering an\n attempted use of the -INT_MIN value. (CVE-2018-10087)\n\n - The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an\n address length, which allows local users to obtain sensitive information from kernel memory and bypass the\n KASLR protection mechanism via a crafted application. (CVE-2015-8575)\n\n - The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and\n including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb\n driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution\n in kernel space. 
(CVE-2018-8781)\n\n - The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN\n argument. (CVE-2018-10124)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4164.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.22.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.22.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.22.1.el6uek', '3.8.13-118.22.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4164');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.22.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.22.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.22.1.el6uek', 'cpu':'x86_64', 'release':'6', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.22.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.22.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.22.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.22.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.22.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.22.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.22.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.22.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.22.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.22.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.22.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.22.1.el6uek / dtrace-modules-3.8.13-118.22.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:44", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug:\n 28156176] (CVE-2018-3665)\n\n - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] 
(CVE-2017-17741) (CVE-2017-17741)\n\n - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug:\n 27989498] (CVE-2018-10323)\n\n - Bluetooth: Prevent stack info leak from the EFS element.\n (Ben Seri) [Orabug: 28030520] (CVE-2017-1000410) (CVE-2017-1000410)\n\n - ALSA: hrtimer: Fix stall by hrtimer_cancel (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2549)\n\n - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2547) (CVE-2016-2548)\n\n - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2545)\n\n - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2543)\n\n - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2544)\n\n - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] (CVE-2016-2384)\n\n - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] (CVE-2018-1000199)\n\n - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608]", "cvss3": {}, "published": "2018-06-18T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0231)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2017-1000410", "CVE-2017-17741", "CVE-2018-1000199", "CVE-2018-10323", "CVE-2018-3665"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2018-0231.NASL", "href": "https://www.tenable.com/plugins/nessus/110581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0231.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(110581);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2017-1000410\", \"CVE-2017-17741\", \"CVE-2018-1000199\", \"CVE-2018-10323\", \"CVE-2018-3665\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0231)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug:\n 28156176] (CVE-2018-3665)\n\n - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng\n Li) [Orabug: 27951287] (CVE-2017-17741) (CVE-2017-17741)\n\n - xfs: set format back to extents if\n xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug:\n 27989498] (CVE-2018-10323)\n\n - Bluetooth: Prevent stack info leak from the EFS element.\n (Ben Seri) [Orabug: 28030520] (CVE-2017-1000410)\n (CVE-2017-1000410)\n\n - ALSA: hrtimer: Fix stall by hrtimer_cancel (Takashi\n Iwai) [Orabug: 28058229] (CVE-2016-2549)\n\n - ALSA: timer: Harden slave timer list handling (Takashi\n Iwai) [Orabug: 28058229] (CVE-2016-2547) (CVE-2016-2548)\n\n - ALSA: timer: Fix double unlink of active_list (Takashi\n Iwai) [Orabug: 28058229] (CVE-2016-2545)\n\n - ALSA: seq: Fix missing NULL check at remove_events ioctl\n (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2543)\n\n - ALSA: seq: Fix race at timer setup and close (Takashi\n Iwai) [Orabug: 28058229] (CVE-2016-2544)\n\n - ALSA: usb-audio: avoid freeing umidi object twice\n (Andrey Konovalov) [Orabug: 28058229] (CVE-2016-2384)\n\n - perf/hwbp: Simplify the perf-hwbp code, 
fix\n documentation (Linus Torvalds) [Orabug: 27947608]\n (CVE-2018-1000199)\n\n - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix\n documentation' (Brian Maly) [Orabug: 27947608]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2018-June/000866.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.21.4.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.21.4.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:45", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4134 advisory.\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial 
of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... 
The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). (CVE-2017-1000410)\n\n - The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (CVE-2018-1000199)\n\n - The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. (CVE-2017-17741)\n\n - The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. (CVE-2018-10323)\n\n - System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. 
(CVE-2018-3665)\n\n - The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. (CVE-2016-2543)\n\n - sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. (CVE-2016-2549)\n\n - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. (CVE-2016-2544)\n\n - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. (CVE-2016-2545)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. (CVE-2016-2547)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. 
(CVE-2016-2548)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-06-18T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2017-1000251", "CVE-2017-1000410", "CVE-2017-17741", "CVE-2018-1000199", "CVE-2018-10323", "CVE-2018-3665"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.21.4.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.21.4.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4134.NASL", "href": "https://www.tenable.com/plugins/nessus/110583", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4134.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110583);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-2384\",\n \"CVE-2016-2543\",\n \"CVE-2016-2544\",\n \"CVE-2016-2545\",\n \"CVE-2016-2547\",\n \"CVE-2016-2548\",\n \"CVE-2016-2549\",\n \"CVE-2017-17741\",\n \"CVE-2017-1000410\",\n \"CVE-2018-3665\",\n \"CVE-2018-10323\",\n \"CVE-2018-1000199\"\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0196-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise 
kernel (ELSA-2018-4134)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2018-4134 advisory.\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel\n before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of\n incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of\n uninitialized stack variables that may be returned to an attacker in their uninitialized state. By\n manipulating the code flows that precede the handling of these configuration messages, an attacker can\n also gain some control over which data will be held in the uninitialized stack variables. This can allow\n him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in\n this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in\n L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels\n which were built with the above mitigations. These are the specifics of this vulnerability: In the\n function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared\n without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration\n parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call\n that will write to the efs variable: ... 
case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void\n *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of\n these functions the efs variable would eventually be added to the outgoing configuration request that is\n being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a\n configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length\n that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the\n uninitialized variable would be returned to the attacker (16 bytes). (CVE-2017-1000410)\n\n - The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint()\n that can result in crash and possibly memory corruption. This attack appear to be exploitable via local\n code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit\n f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (CVE-2018-1000199)\n\n - The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive\n information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h. (CVE-2017-17741)\n\n - The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3\n allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted\n xfs image. (CVE-2018-10323)\n\n - System software utilizing Lazy FP state restore technique on systems using Intel Core-based\n microprocessors may potentially allow a local process to infer data from another process through a\n speculative execution side channel. 
(CVE-2018-3665)\n\n - The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before\n 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to\n cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. (CVE-2016-2543)\n\n - sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which\n allows local users to cause a denial of service (deadlock) via a crafted ioctl call. (CVE-2016-2549)\n\n - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1\n allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call\n at a certain time. (CVE-2016-2544)\n\n - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly\n maintain a certain linked list, which allows local users to cause a denial of service (race condition and\n system crash) via a crafted ioctl call. (CVE-2016-2545)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider\n slave timer instances, which allows local users to cause a denial of service (race condition, use-after-\n free, and system crash) via a crafted ioctl call. (CVE-2016-2547)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop\n action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call,\n related to the (1) snd_timer_close and (2) _snd_timer_stop functions. 
(CVE-2016-2548)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4134.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000410\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.21.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.21.4.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.21.4.el6uek', '3.8.13-118.21.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4134');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.21.4.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.21.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.21.4.el6uek', 'cpu':'x86_64', 'release':'6', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.21.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.21.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.21.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.21.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.21.4.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.21.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.21.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.21.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.21.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.21.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.21.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.21.4.el6uek / dtrace-modules-3.8.13-118.21.4.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:45", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4145 advisory.\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically 
proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (CVE-2018-1000199)\n\n - System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (CVE-2018-3665)\n\n - The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. (CVE-2016-2543)\n\n - sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. (CVE-2016-2549)\n\n - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. (CVE-2016-2544)\n\n - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. 
(CVE-2016-2545)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. (CVE-2016-2547)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. (CVE-2016-2548)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-06-18T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4145)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2018-1000199", "CVE-2018-3665"], "modified": "2021-09-08T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4145.NASL", "href": "https://www.tenable.com/plugins/nessus/110585", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4145.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110585);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n 
\"CVE-2016-2384\",\n \"CVE-2016-2543\",\n \"CVE-2016-2544\",\n \"CVE-2016-2545\",\n \"CVE-2016-2547\",\n \"CVE-2016-2548\",\n \"CVE-2016-2549\",\n \"CVE-2018-3665\",\n \"CVE-2018-1000199\"\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0196-S\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4145)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2018-4145 advisory.\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel\n before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint()\n that can result in crash and possibly memory corruption. This attack appear to be exploitable via local\n code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit\n f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (CVE-2018-1000199)\n\n - System software utilizing Lazy FP state restore technique on systems using Intel Core-based\n microprocessors may potentially allow a local process to infer data from another process through a\n speculative execution side channel. (CVE-2018-3665)\n\n - The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before\n 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to\n cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. 
(CVE-2016-2543)\n\n - sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which\n allows local users to cause a denial of service (deadlock) via a crafted ioctl call. (CVE-2016-2549)\n\n - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1\n allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call\n at a certain time. (CVE-2016-2544)\n\n - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly\n maintain a certain linked list, which allows local users to cause a denial of service (race condition and\n system crash) via a crafted ioctl call. (CVE-2016-2545)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider\n slave timer instances, which allows local users to cause a denial of service (race condition, use-after-\n free, and system crash) via a crafted ioctl call. (CVE-2016-2547)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop\n action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call,\n related to the (1) snd_timer_close and (2) _snd_timer_stop functions. 
(CVE-2016-2548)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4145.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3665\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.299.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4145');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.299.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.299.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.299.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n 
{'reference':'kernel-uek-debug-2.6.39-400.299.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.299.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.299.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.299.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.299.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.299.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.299.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if 
(!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:11", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4172 advisory.\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. 
(CVE-2017-17741)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\n - net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. (CVE-2017-11600)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. (CVE-2018-10087)\n\n - The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. (CVE-2015-8575)\n\n - The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. 
(CVE-2018-10124)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-07-18T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8575", "CVE-2017-11600", "CVE-2017-17741", "CVE-2017-7616", "CVE-2017-8824", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1130"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4172.NASL", "href": "https://www.tenable.com/plugins/nessus/111144", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4172.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111144);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-8575\",\n \"CVE-2017-7616\",\n \"CVE-2017-8824\",\n \"CVE-2017-11600\",\n \"CVE-2017-17741\",\n \"CVE-2018-1130\",\n \"CVE-2018-10087\",\n \"CVE-2018-10124\"\n );\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4172)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2018-4172 
advisory.\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux\n kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive\n information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h. (CVE-2017-17741)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of\n certain crafted system calls. (CVE-2018-1130)\n\n - net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not\n ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to\n cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an\n XFRM_MSG_MIGRATE xfrm Netlink message. (CVE-2017-11600)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local users to cause a denial of service by triggering an\n attempted use of the -INT_MIN value. (CVE-2018-10087)\n\n - The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an\n address length, which allows local users to obtain sensitive information from kernel memory and bypass the\n KASLR protection mechanism via a crafted application. (CVE-2015-8575)\n\n - The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN\n argument. 
(CVE-2018-10124)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4172.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.300.2.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4172');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.300.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.300.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.300.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n 
{'reference':'kernel-uek-debug-2.6.39-400.300.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.300.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.300.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.300.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.300.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.300.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.300.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if 
(!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:41", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4161 advisory.\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. 
(CVE-2017-7616)\n\n - The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.\n (CVE-2017-18017)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\n - net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. (CVE-2017-11600)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. (CVE-2018-10087)\n\n - The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. 
(CVE-2018-10124)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-07-11T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4161)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11600", "CVE-2017-18017", "CVE-2017-7616", "CVE-2017-8824", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1130", "CVE-2018-5803"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4161.NASL", "href": "https://www.tenable.com/plugins/nessus/110997", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4161.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110997);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2017-7616\",\n \"CVE-2017-8824\",\n \"CVE-2017-11600\",\n \"CVE-2017-18017\",\n \"CVE-2018-1130\",\n \"CVE-2018-5803\",\n \"CVE-2018-10087\",\n \"CVE-2018-10124\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4161)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2018-4161 
advisory.\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux\n kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x\n before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption)\n or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.\n (CVE-2017-18017)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be\n exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of\n certain crafted system calls. (CVE-2018-1130)\n\n - net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not\n ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to\n cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an\n XFRM_MSG_MIGRATE xfrm Netlink message. (CVE-2017-11600)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local users to cause a denial of service by triggering an\n attempted use of the -INT_MIN value. 
(CVE-2018-10087)\n\n - The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN\n argument. (CVE-2018-10124)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4161.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.17.1.el6uek', '4.1.12-124.17.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4161');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.17.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.17.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.17.1.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.17.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.17.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.17.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.17.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.17.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.17.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.17.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.17.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.17.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:20", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - block: update integrity interval after queue limits change (Ritika Srivastava) [Orabug: 27586756]\n\n - dccp: check sk for closed state in dccp_sendmsg (Alexey Kodanev) [Orabug: 28001529] (CVE-2017-8824) (CVE-2018-1130)\n\n - net/rds: Implement ARP flushing correctly (Håkon Bugge) [Orabug: 28219857]\n\n - net/rds: Fix incorrect bigger vs. 
smaller IP address check (Håkon Bugge) [Orabug: 28236599]\n\n - ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256391]\n\n - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28256487] (CVE-2017-11600) (CVE-2017-11600)\n\n - add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400]\n\n - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242475] (CVE-2017-7616)\n\n - xhci: Fix USB3 NULL pointer dereference at logical disconnect. (Mathias Nyman) [Orabug: 27426023]\n\n - mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) \n\n - mlx4_core: allocate ICM memory in page size chunks (Qing Huang) \n\n - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28078687] (CVE-2018-10124)\n\n - rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085214]\n\n - ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032]\n\n - net/rds: Fix bug in failover_group parsing (Håkon Bugge) [Orabug: 28198749]\n\n - sctp: verify size of a new chunk in _sctp_make_chunk (Alexey Kodanev) [Orabug: 28240074] (CVE-2018-5803)\n\n - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896802] (CVE-2017-18017)\n\n - kernel/exit.c: avoid undefined behaviour when calling wait4 wait4(-2147483648, 0x20, 0, 0xdd0000) triggers:\n UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] (CVE-2018-10087)\n\n - x86/bugs/module: Provide retpoline_modules_only parameter to fail non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]", "cvss3": {}, "published": "2018-07-12T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0236)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11600", "CVE-2017-18017", 
"CVE-2017-7616", "CVE-2017-8824", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1130", "CVE-2018-5803"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0236.NASL", "href": "https://www.tenable.com/plugins/nessus/111021", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0236.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111021);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-11600\", \"CVE-2017-18017\", \"CVE-2017-7616\", \"CVE-2017-8824\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-1130\", \"CVE-2018-5803\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0236)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - block: update integrity interval after queue limits\n change (Ritika Srivastava) [Orabug: 27586756]\n\n - dccp: check sk for closed state in dccp_sendmsg (Alexey\n Kodanev) [Orabug: 28001529] (CVE-2017-8824)\n (CVE-2018-1130)\n\n - net/rds: Implement ARP flushing correctly (Hå kon\n Bugge) [Orabug: 28219857]\n\n - net/rds: Fix incorrect bigger vs. 
smaller IP address\n check (Hå kon Bugge) [Orabug: 28236599]\n\n - ocfs2: Fix locking for res->tracking and\n dlm->tracking_list (Ashish Samant) [Orabug: 28256391]\n\n - xfrm: policy: check policy direction value (Vladis\n Dronov) [Orabug: 28256487] (CVE-2017-11600)\n (CVE-2017-11600)\n\n - add kernel param to pre-allocate NICs (Brian Maly)\n [Orabug: 27870400]\n\n - mm/mempolicy.c: fix error handling in set_mempolicy and\n mbind. (Chris Salls) [Orabug: 28242475] (CVE-2017-7616)\n\n - xhci: Fix USB3 NULL pointer dereference at logical\n disconnect. (Mathias Nyman) [Orabug: 27426023]\n\n - mlx4_core: restore optimal ICM memory allocation (Eric\n Dumazet) \n\n - mlx4_core: allocate ICM memory in page size chunks (Qing\n Huang) \n\n - kernel/signal.c: avoid undefined behaviour in\n kill_something_info When running kill(72057458746458112,\n 0) in userspace I hit the following issue. (mridula\n shastry) [Orabug: 28078687] (CVE-2018-10124)\n\n - rds: tcp: compute m_ack_seq as offset from ->write_seq\n (Sowmini Varadhan) [Orabug: 28085214]\n\n - ext4: fix bitmap position validation (Lukas Czerner)\n [Orabug: 28167032]\n\n - net/rds: Fix bug in failover_group parsing (Hå kon\n Bugge) [Orabug: 28198749]\n\n - sctp: verify size of a new chunk in _sctp_make_chunk\n (Alexey Kodanev) [Orabug: 28240074] (CVE-2018-5803)\n\n - netfilter: xt_TCPMSS: add more sanity tests on\n tcph->doff (Eric Dumazet) [Orabug: 27896802]\n (CVE-2017-18017)\n\n - kernel/exit.c: avoid undefined behaviour when calling\n wait4 wait4(-2147483648, 0x20, 0, 0xdd0000) triggers:\n UBSAN: Undefined behaviour in kernel/exit.c:1651:9\n (mridula shastry) [Orabug: 28049778] (CVE-2018-10087)\n\n - x86/bugs/module: Provide retpoline_modules_only\n parameter to fail non-retpoline modules (Konrad\n Rzeszutek Wilk) [Orabug: 28071992]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000872.html\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.17.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.17.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:09", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.131 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values :\n\n - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.\n\n - on: disable Speculative Store Bypass\n\n - off: enable Speculative Store Bypass\n\n - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. 
The state of the control is inherited on fork.\n\n - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypas s file, containing :\n\n - 'Vulnerable'\n\n - 'Mitigation: Speculative Store Bypass disabled'\n\n - 'Mitigation: Speculative Store Bypass disabled via prctl'\n\n - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'\n\n - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)\n\n - CVE-2018-1130: The Linux kernel was vulnerable to a NULL pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904).\n\n - CVE-2018-5803: An error in the _sctp_make_chunk() function when handling SCTP, packet length could have been exploited by a malicious local user to cause a kernel crash and a DoS. 
(bnc#1083900).\n\n - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c (bnc#1083650 1091925).\n\n - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-23T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1366-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1065", "CVE-2018-1130", "CVE-2018-3639", "CVE-2018-5803", "CVE-2018-7492", "CVE-2018-8781"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", 
"cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1366-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1366-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110033);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-1000199\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-1065\", \"CVE-2018-1130\", \"CVE-2018-3639\", \"CVE-2018-5803\", \"CVE-2018-7492\", \"CVE-2018-8781\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1366-1) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.131 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2018-3639: Information leaks using 'Memory\n Disambiguation' feature in modern CPUs were mitigated,\n aka 'Spectre Variant 4' (bnc#1087082). A new boot\n commandline option was introduced,\n 'spec_store_bypass_disable', which can have following\n values :\n\n - auto: Kernel detects whether your CPU model contains an\n implementation of Speculative Store Bypass and picks the\n most appropriate mitigation.\n\n - on: disable Speculative Store Bypass\n\n - off: enable Speculative Store Bypass\n\n - prctl: Control Speculative Store Bypass per thread via\n prctl. Speculative Store Bypass is enabled for a process\n by default. 
The state of the control is inherited on\n fork.\n\n - seccomp: Same as 'prctl' above, but all seccomp threads\n will disable SSB unless they explicitly opt out. The\n default is 'seccomp', meaning programs need explicit\n opt-in into the mitigation. Status can be queried via\n the\n /sys/devices/system/cpu/vulnerabilities/spec_store_bypas\n s file, containing :\n\n - 'Vulnerable'\n\n - 'Mitigation: Speculative Store Bypass disabled'\n\n - 'Mitigation: Speculative Store Bypass disabled via\n prctl'\n\n - 'Mitigation: Speculative Store Bypass disabled via prctl\n and seccomp'\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in\n kernel/signal.c might have allowed local users to cause\n a denial of service via an INT_MIN argument\n (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in\n kernel/exit.c might have allowed local users to cause a\n denial of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2018-1000199: An address corruption flaw was\n discovered while modifying a h/w breakpoint via\n 'modify_user_hw_breakpoint' routine, an unprivileged\n user/process could use this flaw to crash the system\n kernel resulting in DoS OR to potentially escalate\n privileges on a the system. 
(bsc#1089895)\n\n - CVE-2018-1130: The Linux kernel was vulnerable to a NULL\n pointer dereference in dccp_write_xmit() function in\n net/dccp/output.c in that allowed a local user to cause\n a denial of service by a number of certain crafted\n system calls (bnc#1092904).\n\n - CVE-2018-5803: An error in the _sctp_make_chunk()\n function when handling SCTP, packet length could have\n been exploited by a malicious local user to cause a\n kernel crash and a DoS. (bnc#1083900).\n\n - CVE-2018-1065: The netfilter subsystem mishandled the\n case of a rule blob that contains a jump but lacks a\n user-defined chain, which allowed local users to cause a\n denial of service (NULL pointer dereference) by\n leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability,\n related to arpt_do_table in\n net/ipv4/netfilter/arp_tables.c, ipt_do_table in\n net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in\n net/ipv6/netfilter/ip6_tables.c (bnc#1083650 1091925).\n\n - CVE-2018-7492: A NULL pointer dereference was found in\n the net/rds/rdma.c __rds_rdma_map() function allowing\n local attackers to cause a system panic and a\n denial-of-service, related to RDS_GET_MR and\n RDS_GET_MR_FOR_DEST (bnc#1082962).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043598\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083650\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089895\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092566\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=802154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000199/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1065/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3639/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5803/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7492/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181366-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e94d3df8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-955=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-955=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-955=1\n\nSUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP3-2018-955=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2018-955=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-955=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. 
It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.131-94.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.131-94.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:34", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. 
A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2931-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8767", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2931-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2931-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89936);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8767\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2931-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2931-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. 
(CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). 
(CVE-2016-2549).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2931-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-8767\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2931-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-67-generic\", pkgver:\"3.16.0-67.87~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-67-generic-lpae\", pkgver:\"3.16.0-67.87~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", 
pkgname:\"linux-image-3.16.0-67-lowlatency\", pkgver:\"3.16.0-67.87~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:05:29", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. 
A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. 
An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2929-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2929-2.NASL", "href": "https://www.tenable.com/plugins/nessus/89933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2929-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89933);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2929-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2929-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. 
An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. 
A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2929-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2929-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-83-generic\", pkgver:\"3.13.0-83.127~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-83-generic-lpae\", pkgver:\"3.13.0-83.127~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:08", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. 
(CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2929-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2929-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2929-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89932);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2929-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2929-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. 
An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. 
A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2929-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2929-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-generic\", pkgver:\"3.13.0-83.127\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-generic-lpae\", pkgver:\"3.13.0-83.127\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-lowlatency\", pkgver:\"3.13.0-83.127\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:11", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).\n\n A new boot commandline option was 
introduced, 'spec_store_bypass_disable', which can have the following values :\n\n - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.\n\n - on: disable Speculative Store Bypass\n\n - off: enable Speculative Store Bypass\n\n - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.\n\n - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out.\n\n The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.\n\n Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing :\n\n - 'Vulnerable'\n\n - 'Mitigation: Speculative Store Bypass disabled'\n\n - 'Mitigation: Speculative Store Bypass disabled via prctl'\n\n - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'\n\n - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241)\n\n - CVE-2018-1130: Linux kernel was vulnerable to a NULL pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904).\n\n - CVE-2018-5803: An error in the _sctp_make_chunk() function when handling SCTP packet length could have been exploited by a malicious local user to cause a kernel crash and a DoS. 
(bnc#1083900).\n\n - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c (bnc#1083650).\n\n - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962).\n\n - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).\n\n - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1089895).\n\nThe following non-security bugs were fixed :\n\n - acpica: Disassembler: Abort on an invalid/unknown AML opcode (bnc#1012382).\n\n - acpica: Events: Add runtime stub support for event APIs (bnc#1012382).\n\n - acpi / hotplug / PCI: 
Check presence of slot itself in get_slot_status() (bnc#1012382).\n\n - acpi, PCI, irq: remove redundant check for null string pointer (bnc#1012382).\n\n - acpi / scan: Send change uevent with offine environmental data (bsc#1082485).\n\n - acpi / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bnc#1012382).\n\n - alsa: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382).\n\n - alsa: aloop: Mark paused device as inactive (bnc#1012382).\n\n - alsa: asihpi: Hardening for potential Spectre v1 (bnc#1012382).\n\n - alsa: control: Hardening for potential Spectre v1 (bnc#1012382).\n\n - alsa: core: Report audio_tstamp in snd_pcm_sync_ptr (bnc#1012382).\n\n - alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).\n\n - alsa: hda: Hardening for potential Spectre v1 (bnc#1012382).\n\n - alsa: hda - New VIA controller suppor no-snoop path (bnc#1012382).\n\n - alsa: hda/realtek - Add some fixes for ALC233 (bnc#1012382).\n\n - alsa: hdspm: Hardening for potential Spectre v1 (bnc#1012382).\n\n - alsa: line6: Use correct endpoint type for midi output (bnc#1012382).\n\n - alsa: opl3: Hardening for potential Spectre v1 (bnc#1012382).\n\n - alsa: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382).\n\n - alsa: pcm: Avoid potential races between OSS ioctls and read/write (bnc#1012382).\n\n - alsa: pcm: Check PCM state at xfern compat ioctl (bnc#1012382).\n\n - alsa: pcm: Fix endless loop for XRUN recovery in OSS emulation (bnc#1012382).\n\n - alsa: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382).\n\n - alsa: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382).\n\n - alsa: pcm: potential uninitialized return values (bnc#1012382).\n\n - alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams (bnc#1012382).\n\n - alsa: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bnc#1012382).\n\n - alsa: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation (bnc#1012382).\n\n - alsa: rawmidi: Fix 
missing input substream checks in compat ioctls (bnc#1012382).\n\n - alsa: rme9652: Hardening for potential Spectre v1 (bnc#1012382).\n\n - alsa: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bnc#1012382).\n\n - alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (bnc#1012382).\n\n - alsa: seq: oss: Hardening for potential Spectre v1 (bnc#1012382).\n\n - alsa: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658).\n\n - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032).\n\n - arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382).\n\n - arm64: capabilities: Handle duplicate entries for a capability (bsc#1068032).\n\n - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early (bsc#1068032).\n\n - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313).\n\n - arm64: fix smccc compilation (bsc#1068032).\n\n - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage (bnc#1012382).\n\n - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032).\n\n - arm64: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032).\n\n - arm64: kvm: Increment PC after handling an SMC trap (bsc#1068032).\n\n - arm64: kvm: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032).\n\n - arm64: mm: fix thinko in non-global page table attribute check (bsc#1088050).\n\n - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032).\n\n - arm: amba: Do not read past the end of sysfs 'driver_override' buffer (bnc#1012382).\n\n - arm: amba: Fix race condition with driver_override (bnc#1012382).\n\n - arm: amba: Make driver_override output consistent with other buses (bnc#1012382).\n\n - arm/arm64: kvm: Add PSCI_VERSION helper (bsc#1068032).\n\n - arm/arm64: kvm: Add smccc accessors to PSCI code (bsc#1068032).\n\n - arm/arm64: kvm: Advertise SMCCC v1.1 (bsc#1068032).\n\n - arm/arm64: kvm: Consolidate the PSCI include files (bsc#1068032).\n\n - arm/arm64: kvm: Implement PSCI 1.0 
support (bsc#1068032).\n\n - arm/arm64: kvm: Turn kvm_psci_version into a static inline (bsc#1068032).\n\n - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032).\n\n - arm/arm64: smccc: Make function identifiers an unsigned quantity (bsc#1068032).\n\n - arm: davinci: da8xx: Create DSP device only when assigned memory (bnc#1012382).\n\n - arm: dts: am57xx-beagle-x15-common: Add overide powerhold property (bnc#1012382).\n\n - arm: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382).\n\n - arm: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382).\n\n - arm: dts: dra7: Add power hold and power controller properties to palmas (bnc#1012382).\n\n - arm: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382).\n\n - arm: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382).\n\n - arm: dts: ls1021a: add 'fsl,ls1021a-esdhc' compatible string to esdhc node (bnc#1012382).\n\n - arm: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382).\n\n - arp: fix arp_filter on l3slave devices (bnc#1012382).\n\n - arp: honour gratuitous ARP _replies_ (bnc#1012382).\n\n - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio (bnc#1012382).\n\n - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382).\n\n - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382).\n\n - ASoC: ssm2602: Replace reg_default_raw with reg_default (bnc#1012382).\n\n - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() (bnc#1012382).\n\n - ata: libahci: properly propagate return value of platform_get_irq() (bnc#1012382).\n\n - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382).\n\n - ath10k: rebuild crypto header in rx data frames (bnc#1012382).\n\n - ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382).\n\n - ath9k_hw: check if the chip failed to wake up (bnc#1012382).\n\n - atm: zatm: Fix potential Spectre v1 (bnc#1012382).\n\n - audit: add tty field to LOGIN event (bnc#1012382).\n\n - 
autofs: mount point create should honour passed in mode (bnc#1012382).\n\n - bcache: segregate flash only volume write streams (bnc#1012382).\n\n - bcache: stop writeback thread after detaching (bnc#1012382).\n\n - bdi: Fix oops in wb_workfn() (bnc#1012382).\n\n - blacklist.conf: Add an omapdrm entry (bsc#1090708, bsc#1090718)\n\n - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init() (bsc#1085058).\n\n - blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382).\n\n - block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058).\n\n - block/loop: fix deadlock after loop_set_status (bnc#1012382).\n\n - block: sanity check for integrity intervals (bsc#1091728).\n\n - bluetooth: Fix missing encryption refresh on Security Request (bnc#1012382).\n\n - bluetooth: Send HCI Set Event Mask Page 2 command only when needed (bnc#1012382).\n\n - bna: Avoid reading past end of buffer (bnc#1012382).\n\n - bnx2x: Allow vfs to disable txvlan offload (bnc#1012382).\n\n - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (bnc#1012382).\n\n - bonding: Do not update slave->link until ready to commit (bnc#1012382).\n\n - bonding: fix the err path for dev hwaddr sync in bond_enslave (bnc#1012382).\n\n - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (bnc#1012382).\n\n - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (bnc#1012382).\n\n - bpf: map_get_next_key to return first key on NULL (bnc#1012382).\n\n - btrfs: fix incorrect error return ret being passed to mapping_set_error (bnc#1012382).\n\n - btrfs: Fix wrong first_key parameter in replace_path (Followup fix for bsc#1084721).\n\n - btrfs: Only check first key for committed tree blocks (bsc#1084721).\n\n - btrfs: Validate child tree block's level and first key (bsc#1084721).\n\n - bus: brcmstb_gisb: correct support for 64-bit address output (bnc#1012382).\n\n - bus: brcmstb_gisb: Use register offsets with writes too 
(bnc#1012382).\n\n - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() (bnc#1012382).\n\n - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (bnc#1012382).\n\n - cdrom: information leak in cdrom_ioctl_media_changed() (bnc#1012382).\n\n - ceph: adding protection for showing cap reservation info (bsc#1089115).\n\n - ceph: always update atime/mtime/ctime for new inode (bsc#1089115).\n\n - ceph: check if mds create snaprealm when setting quota (fate#324665 bsc#1089115).\n\n - ceph: do not check quota for snap inode (fate#324665 bsc#1089115).\n\n - ceph: fix invalid point dereference for error case in mdsc destroy (bsc#1089115).\n\n - ceph: fix root quota realm check (fate#324665 bsc#1089115).\n\n - ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115).\n\n - ceph: quota: add counter for snaprealms with quota (fate#324665 bsc#1089115).\n\n - ceph: quota: add initial infrastructure to support cephfs quotas (fate#324665 bsc#1089115).\n\n - ceph: quota: cache inode pointer in ceph_snap_realm (fate#324665 bsc#1089115).\n\n - ceph: quota: do not allow cross-quota renames (fate#324665 bsc#1089115).\n\n - ceph: quota: report root dir quota usage in statfs (fate#324665 bsc#1089115).\n\n - ceph: quota: support for ceph.quota.max_bytes (fate#324665 bsc#1089115).\n\n - ceph: quota: support for ceph.quota.max_files (fate#324665 bsc#1089115).\n\n - ceph: quota: update MDS when max_bytes is approaching (fate#324665 bsc#1089115).\n\n - cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382).\n\n - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684).\n\n - cifs: do not allow creating sockets except with SMB1 posix exensions (bnc#1012382).\n\n - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734).\n\n - cifs: silence lockdep splat in cifs_relock_file() (bnc#1012382).\n\n - cifs: Use file_dentry() (bsc#1093008).\n\n - clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bnc#1012382).\n\n 
- clk: Fix __set_clk_rates error print-string (bnc#1012382).\n\n - clk: mvebu: armada-38x: add support for 1866MHz variants (bnc#1012382).\n\n - clk: mvebu: armada-38x: add support for missing clocks (bnc#1012382).\n\n - clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382).\n\n - clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled (bsc#1090225).\n\n - cpumask: Add helper cpumask_available() (bnc#1012382).\n\n - crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382).\n\n - crypto: ahash - Fix early termination in hash walk (bnc#1012382).\n\n - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bnc#1012382).\n\n - cx25840: fix unchecked return values (bnc#1012382).\n\n - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382).\n\n - cxgb4: Fix queue free path of ULD drivers (bsc#1022743 FATE#322540).\n\n - cxgb4: FW upgrade fixes (bnc#1012382).\n\n - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bnc#1012382).\n\n - dccp: initialize ireq->ir_mark (bnc#1012382).\n\n - dmaengine: at_xdmac: fix rare residue corruption (bnc#1012382).\n\n - dmaengine: imx-sdma: Handle return value of clk_prepare_enable (bnc#1012382).\n\n - dm ioctl: remove double parentheses (bnc#1012382).\n\n - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition (bnc#1012382).\n\n - Do not leak MNT_INTERNAL away from internal mounts (bnc#1012382).\n\n - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (FATE#321732).\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bnc#1024296,FATE#321265).\n\n - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests (bnc#1012382).\n\n - drm/omap: fix tiled buffer stride calculations (bnc#1012382).\n\n - drm/radeon: Fix PCIe lane width calculation (bnc#1012382).\n\n - drm/virtio: fix vq wait_event condition (bnc#1012382).\n\n - drm/vmwgfx: Fix a buffer object leak (bnc#1012382).\n\n - 
e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382).\n\n - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382).\n\n - EDAC, mv64x60: Fix an error handling path (bnc#1012382).\n\n - Enable uinput driver (bsc#1092566).\n\n - esp: Fix memleaks on error paths (git-fixes).\n\n - ext4: add validity checks for bitmap block numbers (bnc#1012382).\n\n - ext4: bugfix for mmaped pages in mpage_release_unused_pages() (bnc#1012382).\n\n - ext4: do not allow r/w mounts if metadata blocks overlap the superblock (bnc#1012382).\n\n - ext4: do not update checksum of new initialized bitmaps (bnc#1012382).\n\n - ext4: fail ext4_iget for root directory if unallocated (bnc#1012382).\n\n - ext4: fix bitmap position validation (bnc#1012382).\n\n - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() (bnc#1012382).\n\n - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953).\n\n - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (bnc#1012382).\n\n - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bnc#1012382).\n\n - ext4: set h_journal if there is a failure starting a reserved handle (bnc#1012382).\n\n - fanotify: fix logic of events on child (bnc#1012382).\n\n - firmware/psci: Expose PSCI conduit (bsc#1068032).\n\n - firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032).\n\n - fix race in drivers/char/random.c:get_reg() (bnc#1012382).\n\n - frv: declare jiffies to be located in the .data section (bnc#1012382).\n\n - fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382).\n\n - fs/proc: Stop trying to report thread stacks (bnc#1012382).\n\n - fs/reiserfs/journal.c: add missing resierfs_warning() arg (bnc#1012382).\n\n - genirq: Use cpumask_available() for check of cpumask variable (bnc#1012382).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (bnc#1012382).\n\n - gpio: label descriptors using the device name (bnc#1012382).\n\n - gpmi-nand: 
Handle ECC Errors in erased pages (bnc#1012382).\n\n - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382).\n\n - HID: core: Fix size as type u32 (bnc#1012382).\n\n - HID: Fix hid_report_len usage (bnc#1012382).\n\n - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device (bnc#1012382).\n\n - HID: i2c-hid: fix size check and type usage (bnc#1012382).\n\n - hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes).\n\n - hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382).\n\n - hypfs_kill_super(): deal with failed allocations (bnc#1012382).\n\n - i40iw: Free IEQ resources (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - IB/core: Fix possible crash to access NULL netdev (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - IB/core: Generate GID change event regardless of RoCE GID table property (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - IB/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: Fix incorrect size of klms in the memory region (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - IB/mlx5: Set the default active rate and width to QDR and 4X (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - IB/mlx5: Use unlimited rate when static rate is not supported (bnc#1012382).\n\n - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289).\n\n - ibmvnic: Clear pending interrupt after device reset 
(bsc#1089644).\n\n - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198).\n\n - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610).\n\n - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198).\n\n - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600).\n\n - ibmvnic: Fix DMA mapping mistakes (bsc#1088600).\n\n - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600).\n\n - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).\n\n - ibmvnic: Fix reset scheduler error handling (bsc#1088600).\n\n - ibmvnic: Fix statistics buffers memory leak (bsc#1093990).\n\n - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).\n\n - ibmvnic: Handle all login error conditions (bsc#1089198).\n\n - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600).\n\n - ib/srp: Fix completion vector assignment algorithm (bnc#1012382).\n\n - ib/srp: Fix srp_abort() (bnc#1012382).\n\n - ib/srpt: Fix abort handling (bnc#1012382).\n\n - ib/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bnc#1024296,FATE#321265).\n\n - iio: hi8435: avoid garbage event at first enable (bnc#1012382).\n\n - iio: hi8435: cleanup reset gpio (bnc#1012382).\n\n - iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382).\n\n - input: ALPS - fix multi-touch decoding on SS4 plus touchpads (git-fixes).\n\n - input: ALPS - fix trackstick button handling on V8 devices (git-fixes).\n\n - input: ALPS - fix TrackStick support for SS5 hardware (git-fixes).\n\n - input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad (git-fixes).\n\n - input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro (bnc#1012382).\n\n - input: drv260x - fix initializing overdrive voltage (bnc#1012382).\n\n - input: elan_i2c - check if device is there before really probing (bnc#1012382).\n\n - input: elan_i2c - clear INT before resetting controller 
(bnc#1012382).\n\n - input: elantech - force relative mode on a certain module (bnc#1012382).\n\n - input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bnc#1012382).\n\n - input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bnc#1012382).\n\n - input: leds - fix out of bound access (bnc#1012382).\n\n - input: mousedev - fix implicit conversion warning (bnc#1012382).\n\n - iommu/vt-d: Fix a potential memory leak (bnc#1012382).\n\n - ip6_gre: better validate user provided tunnel names (bnc#1012382).\n\n - ip6_tunnel: better validate user provided tunnel names (bnc#1012382).\n\n - ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1012382).\n\n - ipmi: create hardware-independent softdep for ipmi_devintf (bsc#1009062, bsc#1060799).\n\n - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871).\n\n - ipsec: check return value of skb_to_sgvec always (bnc#1012382).\n\n - ip_tunnel: better validate user provided tunnel names (bnc#1012382).\n\n - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (bnc#1012382).\n\n - ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382).\n\n - ipv6: sit: better validate user provided tunnel names (bnc#1012382).\n\n - ipv6: the entire IPv6 header chain must fit the first fragment (bnc#1012382).\n\n - ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382).\n\n - iw_cxgb4: print mapped ports correctly (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).\n\n - jbd2: fix use after free in kjournald2() (bnc#1012382).\n\n - jbd2: if the journal is aborted then do not allow update of the log tail (bnc#1012382).\n\n - jffs2_kill_sb(): deal with failed allocations (bnc#1012382).\n\n - jiffies.h: declare jiffies and jiffies_64 with\n ____cacheline_aligned_in_smp (bnc#1012382).\n\n - kABI: add tty include to audit.c (kabi).\n\n - kABI: protect hid report functions (kabi).\n\n - kABI: protect jiffies types (kabi).\n\n - kABI: protect skb_to_sgvec* 
(kabi).\n\n - kABI: protect sound/timer.h include in sound pcm.c (kabi).\n\n - kABI: protect struct ath10k_hw_params (kabi).\n\n - kABI: protect struct cstate (kabi).\n\n - kABI: protect struct _lowcore (kabi).\n\n - kABI: protect tty include in audit.h (kabi).\n\n - kabi/severities: Ignore kgr_shadow_* kABI changes\n\n - kbuild: provide a __UNIQUE_ID for clang (bnc#1012382).\n\n - kexec_file: do not add extra alignment to efi memmap (bsc#1044596).\n\n - keys: DNS: limit the length of option strings (bnc#1012382).\n\n - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033, fate#313296).\n\n - kGraft: fix small race in reversion code (bsc#1083125).\n\n - kobject: do not use WARN for registration failures (bnc#1012382).\n\n - kvm: Fix nopvspin static branch init usage (bsc#1056427).\n\n - kvm: Introduce nopvspin kernel parameter (bsc#1056427).\n\n - kvm: nVMX: Fix handling of lmsw instruction (bnc#1012382).\n\n - kvm: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382).\n\n - kvm: s390: Enable all facility bits that are known good for passthrough (FATE#324071 LTC#158956 bnc#1012382 bsc#1073059 bsc#1076805).\n\n - kvm: SVM: do not zero out segment attributes if segment is unusable or not present (bnc#1012382).\n\n - l2tp: check sockaddr length in pppol2tp_connect() (bnc#1012382).\n\n - l2tp: fix missing print session offset info (bnc#1012382).\n\n - lan78xx: Correctly indicate invalid OTP (bnc#1012382).\n\n - leds: pca955x: Correct I2C Functionality (bnc#1012382).\n\n - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382).\n\n - libceph, ceph: change permission for readonly debugfs entries (bsc#1089115).\n\n - libceph: fix misjudgement of maximum monitor number (bsc#1089115).\n\n - libceph: reschedule a tick in finish_hunting() (bsc#1089115).\n\n - libceph: un-backoff on tick when we have a authenticated session (bsc#1089115).\n\n - libceph: validate con->state at the top of try_write() (bsc#1089115).\n\n - 
livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296).\n\n - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296).\n\n - llc: delete timers synchronously in llc_sk_free() (bnc#1012382).\n\n - llc: fix NULL pointer deref for SOCK_ZAPPED (bnc#1012382).\n\n - llc: hold llc_sap before release_sock() (bnc#1012382).\n\n - llist: clang: introduce member_address_is_nonnull() (bnc#1012382).\n\n - lockd: fix lockd shutdown race (bnc#1012382).\n\n - lockd: lost rollback of set_grace_period() in lockd_down_net() (git-fixes).\n\n - mac80211: Add RX flag to indicate ICV stripped (bnc#1012382).\n\n - mac80211: allow not sending MIC up from driver for HW crypto (bnc#1012382).\n\n - mac80211: allow same PN for AMSDU sub-frames (bnc#1012382).\n\n - mac80211: bail out from prep_connection() if a reconfig is ongoing (bnc#1012382).\n\n - mceusb: sporadic RX truncation corruption fix (bnc#1012382).\n\n - md: document lifetime of internal rdev pointer (bsc#1056415).\n\n - md: fix two problems with setting the 're-add' device state (bsc#1089023).\n\n - md: only allow remove_and_add_spares when no sync_thread running (bsc#1056415).\n\n - md raid10: fix NULL deference in handle_write_completed() (git-fixes).\n\n - md/raid10: reset the 'first' at the end of loop (bnc#1012382).\n\n - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: do not oops on overlay (bnc#1012382).\n\n - media: videobuf2-core: do not go out of the buffer range (bnc#1012382).\n\n - mei: remove dev_err message on an unsupported ioctl (bnc#1012382).\n\n - mISDN: Fix a sleep-in-atomic bug (bnc#1012382).\n\n - mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382).\n\n - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems (bsc#1088267).\n\n - mmc: jz4740: Fix race condition in IRQ mask update (bnc#1012382).\n\n - mm/filemap.c: fix NULL pointer 
in page_cache_tree_insert() (bnc#1012382).\n\n - mm, slab: reschedule cache_reap() on the same CPU (bnc#1012382).\n\n - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block (bnc#1012382).\n\n - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug (bnc#1012382).\n\n - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block (bnc#1012382).\n\n - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bnc#1012382).\n\n - neighbour: update neigh timestamps iff update is effective (bnc#1012382).\n\n - net: af_packet: fix race in PACKET_(R|T)X_RING (bnc#1012382).\n\n - net: atm: Fix potential Spectre v1 (bnc#1012382).\n\n - net: cavium: liquidio: fix up 'Avoid dma_unmap_single on uninitialized ndata' (bnc#1012382).\n\n - net: cdc_ncm: Fix TX zero padding (bnc#1012382).\n\n - net: emac: fix reset timeout with AR8035 phy (bnc#1012382).\n\n - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control (bnc#1012382).\n\n - netfilter: bridge: ebt_among: add more missing match size checks (bnc#1012382).\n\n - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize (bnc#1012382).\n\n - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch (bnc#1012382).\n\n - netfilter: nf_nat_h323: fix logical-not-parentheses warning (bnc#1012382).\n\n - netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382).\n\n - net: fix deadlock while clearing neighbor proxy table (bnc#1012382).\n\n - net: fix possible out-of-bound read in skb_network_protocol() (bnc#1012382).\n\n - net: fix rtnh_ok() (bnc#1012382).\n\n - net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382).\n\n - net: fool proof dev_valid_name() (bnc#1012382).\n\n - net: freescale: fix potential NULL pointer dereference (bnc#1012382).\n\n - net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511).\n\n - net: hns: Fix ethtool private flags (bsc#1085511).\n\n - net: ieee802154: fix net_device reference release too early (bnc#1012382).\n\n - net: 
initialize skb->peeked when cloning (bnc#1012382).\n\n - net/ipv6: Fix route leaking between VRFs (bnc#1012382).\n\n - net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382).\n\n - netlink: fix uninit-value in netlink_sendmsg (bnc#1012382).\n\n - netlink: make sure nladdr has correct size in netlink_connect() (bnc#1012382).\n\n - net: llc: add lock_sock in llc_ui_bind to avoid a race condition (bnc#1012382).\n\n - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport (bnc#1012382).\n\n - net/mlx4_core: Fix memory leak while delete slave's resources (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382).\n\n - net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1015336 FATE#321685 bsc#1015337 FATE#321686 bsc#1015340 FATE#321687).\n\n - net/mlx4: Fix the check in attaching steering rules (bnc#1012382).\n\n - net/mlx5: avoid build warning for uniprocessor (bnc#1012382).\n\n - net/mlx5e: Add error print in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Check support before TC swap in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: E-Switch, Use the name of static array instead of its address (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5: Fix error handling in load one (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382).\n\n - net: move somaxconn init from sysctl code (bnc#1012382).\n\n - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support (bnc#1012382).\n\n - net: qca_spi: Fix alignment issues in rx path (bnc#1012382).\n\n - net sched actions: fix dumping 
which requires several messages to user space (bnc#1012382).\n\n - net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bnc#1012382).\n\n - net: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382).\n\n - net: validate attribute sizes in neigh_dump_table() (bnc#1012382).\n\n - net: x25: fix one potential use-after-free issue (bnc#1012382).\n\n - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (bnc#1012382).\n\n - nfsv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382).\n\n - nfsv4.1: Work around a Linux server bug.. (bnc#1012382).\n\n - nospec: Kill array_index_nospec_mask_check() (bnc#1012382).\n\n - nospec: Move array_index_nospec() parameter checking into separate macro (bnc#1012382).\n\n - nvme: target: fix buffer overflow (FATE#321732 FATE#321590 bsc#993388).\n\n - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).\n\n - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1070404).\n\n - ovl: filter trusted xattr for non-admin (bnc#1012382).\n\n - packet: fix bitfield update race (bnc#1012382).\n\n - parisc: Fix out of array access in match_pci_device() (bnc#1012382).\n\n - parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bnc#1012382).\n\n - partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382).\n\n - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699).\n\n - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348).\n\n - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382).\n\n - percpu: include linux/sched.h for cond_resched() (bnc#1012382).\n\n - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382).\n\n - perf/core: Fix locking for children siblings group read (git-fixes).\n\n - perf/core: Fix possible Spectre-v1 indexing for\n ->aux_pages[] (bnc#1012382).\n\n - perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382).\n\n - perf header: Set proper module name 
when build-id event found (bnc#1012382).\n\n - perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382).\n\n - perf intel-pt: Fix error recovery from missing TIP packet (bnc#1012382).\n\n - perf intel-pt: Fix overlap detection to identify consecutive buffers correctly (bnc#1012382).\n\n - perf intel-pt: Fix sync_switch (bnc#1012382).\n\n - perf intel-pt: Fix timestamp following overflow (bnc#1012382).\n\n - perf probe: Add warning message if there is unexpected event name (bnc#1012382).\n\n - perf: Remove superfluous allocation error check (bnc#1012382).\n\n - perf report: Ensure the perf DSO mapping matches what libdw sees (bnc#1012382).\n\n - perf: Return proper values for user stack errors (bnc#1012382).\n\n - perf tests: Decompress kernel module before objdump (bnc#1012382).\n\n - perf tools: Fix copyfile_offset update of output offset (bnc#1012382).\n\n - perf trace: Add mmap alias for s390 (bnc#1012382).\n\n - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bnc#1012382).\n\n - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bnc#1012382).\n\n - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bnc#1012382).\n\n - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bnc#1012382).\n\n - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() (bnc#1012382).\n\n - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill (bsc#1093035).\n\n - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() (bnc#1012382).\n\n - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382).\n\n - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157).\n\n - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157).\n\n - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157).\n\n - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, 
bsc#1091041).\n\n - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032).\n\n - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157).\n\n - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157).\n\n - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting TCR[DIE] (bnc#1012382).\n\n - powerpc: conditionally compile platform-specific serial drivers (bsc#1066223).\n\n - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242).\n\n - powerpc: Do not send system reset request through the oops path (bsc#1088242).\n\n - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382).\n\n - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772).\n\n - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772).\n\n - powerpc/lib: Fix off-by-one in alternate feature patching (bnc#1012382).\n\n - powerpc/mm: allow memory hotplug into a memoryless node (bsc#1090663).\n\n - powerpc/mm: Allow memory hotplug into an offline node (bsc#1090663).\n\n - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382).\n\n - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382).\n\n - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() (bnc#1012382).\n\n - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, 
bsc#1091041).\n\n - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc: signals: Discard transaction state from signal frames (bsc#1094059).\n\n - powerpc/spufs: Fix coredump of SPU contexts (bnc#1012382).\n\n - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242).\n\n - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157).\n\n - pppoe: check sockaddr length in pppoe_connect() (bnc#1012382).\n\n - pptp: remove a buggy dst release in pptp_connect() (bnc#1012382).\n\n - qlge: Avoid reading past end of buffer (bnc#1012382).\n\n - r8152: add Linksys USB3GIGV1 id (bnc#1012382).\n\n - r8169: fix setting driver_data after register_netdev (bnc#1012382).\n\n - radeon: hide pointless #warning when compile testing (bnc#1012382).\n\n - random: use a tighter cap in credit_entropy_bits_safe() (bnc#1012382).\n\n - random: use lockless method of accessing and updating f->reg_idx (bnc#1012382).\n\n - ray_cs: Avoid reading past end of buffer (bnc#1012382).\n\n - rdma/core: Avoid that ib_drain_qp() triggers an 
out-of-bounds stack access (FATE#321732).\n\n - rdma/mlx5: Protect from NULL pointer derefence (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - rdma/mlx5: Protect from shift operand overflow (bnc#1012382).\n\n - rdma/qedr: fix QP's ack timeout configuration (bsc#1022604 FATE#321747).\n\n - rdma/qedr: Fix QP state initialization race (bsc#1022604 FATE#321747).\n\n - rdma/qedr: Fix rc initialization on CNQ allocation failure (bsc#1022604 FATE#321747).\n\n - rdma/rxe: Fix an out-of-bounds read (FATE#322149).\n\n - rdma/ucma: Allow resolving address w/o specifying source address (bnc#1012382).\n\n - rdma/ucma: Check AF family prior resolving address (bnc#1012382).\n\n - rdma/ucma: Check that device exists prior to accessing it (bnc#1012382).\n\n - rdma/ucma: Check that device is connected prior to access it (bnc#1012382).\n\n - rdma/ucma: Do not allow join attempts for unsupported AF family (bnc#1012382).\n\n - rdma/ucma: Do not allow setting RDMA_OPTION_IB_PATH without an RDMA device (bnc#1012382).\n\n - rdma/ucma: Ensure that CM_ID exists prior to access it (bnc#1012382).\n\n - rdma/ucma: Fix use-after-free access in ucma_close (bnc#1012382).\n\n - rdma/ucma: Introduce safer rdma_addr_size() variants (bnc#1012382).\n\n - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (bnc#1012382).\n\n - regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' (bsc#1091960).\n\n - resource: fix integer overflow at reallocation (bnc#1012382).\n\n - Revert 'alsa: pcm: Fix mutex unbalance in OSS emulation ioctls' (kabi).\n\n - Revert 'alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams' (kabi).\n\n - Revert 'arm: dts: am335x-pepper: Fix the audio CODEC's reset pin' (bnc#1012382).\n\n - Revert 'arm: dts: omap3-n900: Fix the audio CODEC's reset pin' (bnc#1012382).\n\n - Revert 'ath10k: rebuild crypto header in rx data frames' (kabi).\n\n - Revert 'ath10k: send (re)assoc peer command when NSS changed' (bnc#1012382).\n\n - Revert 'Bluetooth: 
btusb: Fix quirk for Atheros 1525/QCA6174' (bnc#1012382).\n\n - Revert 'cpufreq: Fix governor module removal race' (bnc#1012382).\n\n - Revert 'ip6_vti: adjust vti mtu according to mtu of lower device' (bnc#1012382).\n\n - Revert 'kvm: Fix stack-out-of-bounds read in write_mmio' (bnc#1083635).\n\n - Revert 'mac80211: Add RX flag to indicate ICV stripped' (kabi).\n\n - Revert 'mac80211: allow not sending MIC up from driver for HW crypto' (kabi).\n\n - Revert 'mac80211: allow same PN for AMSDU sub-frames' (kabi).\n\n - Revert 'mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.' (kabi).\n\n - Revert 'mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.' (kabi).\n\n - Revert 'mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.' (kabi).\n\n - Revert 'mtip32xx: use runtime tag to initialize command header' (bnc#1012382).\n\n - Revert 'PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()' (bnc#1012382).\n\n - Revert 'perf tests: Decompress kernel module before objdump' (bnc#1012382).\n\n - Revert 'xhci: plat: Register shutdown for xhci_plat' (bnc#1012382).\n\n - rfkill: gpio: fix memory leak in probe error path (bnc#1012382).\n\n - rpc_pipefs: fix double-dput() (bnc#1012382).\n\n - rpm/config.sh: build against SP3 in OBS as well.\n\n - rtc: interface: Validate alarm-time before handling rollover (bnc#1012382).\n\n - rtc: opal: Handle disabled TPO in opal_get_tpo_time() (bnc#1012382).\n\n - rtc: snvs: fix an incorrect check of return value (bnc#1012382).\n\n - rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bnc#1012382).\n\n - rxrpc: check return value of skb_to_sgvec always (bnc#1012382).\n\n - s390: add automatic detection of the spectre defense (bnc#1012382).\n\n - s390: add optimized array_index_mask_nospec (bnc#1012382).\n\n - s390: add options to change branch prediction behaviour for the kernel (bnc#1012382 bsc#1068032).\n\n - s390: add sysfs attributes for spectre (bnc#1012382).\n\n - s390/alternative: 
use a copy of the facility bit mask (bnc#1012382).\n\n - s390/cio: update chpid descriptor after resource accessibility event (bnc#1012382).\n\n - s390: correct module section names for expoline code revert (bnc#1012382).\n\n - s390: correct nospec auto detection init order (bnc#1012382).\n\n - s390/dasd: fix hanging safe offline (bnc#1012382).\n\n - s390/dasd: fix IO error for newly defined devices (bnc#1093144, LTC#167398).\n\n - s390: do not bypass BPENTER for interrupt system calls (bnc#1012382).\n\n - s390: enable CPU alternatives unconditionally (bnc#1012382).\n\n - s390/entry.S: fix spurious zeroing of r0 (bnc#1012382).\n\n - s390: introduce execute-trampolines for branches (bnc#1012382).\n\n - s390/ipl: ensure loadparm valid flag is set (bnc#1012382).\n\n - s390: move nobp parameter functions to nospec-branch.c (bnc#1012382).\n\n - s390: move _text symbol to address higher than zero (bnc#1012382).\n\n - s390/qdio: do not merge ERROR output buffers (bnc#1012382).\n\n - s390/qdio: do not retry EQBS after CCQ 96 (bnc#1012382).\n\n - s390/qeth: consolidate errno translation (bnc#1093144, LTC#167507).\n\n - s390/qeth: fix MAC address update sequence (bnc#1093144, LTC#167609).\n\n - s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093144, LTC#167507).\n\n - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (bnc#1012382).\n\n - s390: report spectre mitigation via syslog (bnc#1012382).\n\n - s390: run user space and KVM guests with modified branch prediction (bnc#1012382).\n\n - s390: scrub registers on kernel entry and KVM exit (bnc#1012382).\n\n - s390/uprobes: implement arch_uretprobe_is_alive() (bnc#1012382).\n\n - sched/numa: Use down_read_trylock() for the mmap_sem (bnc#1012382).\n\n - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() (bnc#1012382).\n\n - scsi: libiscsi: Allow sd_shutdown on bad transport (bnc#1012382).\n\n - scsi: libsas: initialize sas_phy status according to response of DISCOVER (bnc#1012382).\n\n - scsi: 
lpfc: Add per io channel NVME IO statistics (bsc#1088865).\n\n - scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088865).\n\n - scsi: lpfc: Correct target queue depth application changes (bsc#1088865).\n\n - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088865).\n\n - scsi: lpfc: Fix Abort request WQ selection (bsc#1088865).\n\n - scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088865).\n\n - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088865).\n\n - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088865).\n\n - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088865).\n\n - scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088865).\n\n - scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088865).\n\n - scsi: lpfc: Fix WQ/CQ creation for older asic's (bsc#1088865).\n\n - scsi: lpfc: update driver version to 11.4.0.7-2 (bsc#1088865).\n\n - scsi: mpt3sas: Proper handling of set/clear of 'ATA command pending' flag (bnc#1012382).\n\n - scsi: mptsas: Disable WRITE SAME (bnc#1012382).\n\n - scsi: sd: Defer spinning up drive while SANITIZE is in progress (bnc#1012382).\n\n - sctp: do not check port in sctp_inet6_cmp_addr (bnc#1012382).\n\n - sctp: do not leak kernel memory to user space (bnc#1012382).\n\n - sctp: fix recursive locking warning in sctp_do_peeloff (bnc#1012382).\n\n - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (bnc#1012382).\n\n - selftests/powerpc: Fix TM resched DSCR test with some compilers (bnc#1012382).\n\n - selinux: do not check open permission on sockets (bnc#1012382).\n\n - selinux: Remove redundant check for unknown labeling behavior (bnc#1012382).\n\n - selinux: Remove unnecessary check of array base in selinux_set_mapping() (bnc#1012382).\n\n - serial: 8250: omap: Disable DMA for console UART (bnc#1012382).\n\n - serial: mctrl_gpio: Add missing module 
license (bnc#1012382).\n\n - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init (bnc#1012382).\n\n - serial: sh-sci: Fix race condition causing garbage during shutdown (bnc#1012382).\n\n - sh_eth: Use platform device for printing before register_netdev() (bnc#1012382).\n\n - sit: reload iphdr in ipip6_rcv (bnc#1012382).\n\n - skbuff: only inherit relevant tx_flags (bnc#1012382).\n\n - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow (bnc#1012382).\n\n - sky2: Increase D3 delay to sky2 stops working after suspend (bnc#1012382).\n\n - slip: Check if rstate is initialized before uncompressing (bnc#1012382).\n\n - soreuseport: initialise timewait reuseport field (bnc#1012382).\n\n - sparc64: ldc abort during vds iso boot (bnc#1012382).\n\n - spi: davinci: fix up dma_mapping_error() incorrect patch (bnc#1012382).\n\n - staging: comedi: ni_mio_common: ack ai fifo error interrupts (bnc#1012382).\n\n - staging: ion : Donnot wakeup kswapd in ion system alloc (bnc#1012382).\n\n - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning (bnc#1012382).\n\n - stop_machine, sched: Fix migrate_swap() vs.\n active_balance() deadlock (bsc#1088810).\n\n - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153).\n\n - tags: honor COMPILED_SOURCE with apart output directory (bnc#1012382).\n\n - target: prefer dbroot of /etc/target over /var/target (bsc#1087274).\n\n - target: transport should handle st FM/EOM/ILI reads (bsc#1081599).\n\n - tcp: better validation of received ack sequences (bnc#1012382).\n\n - tcp: do not read out-of-bounds opsize (bnc#1012382).\n\n - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).\n\n - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets (bnc#1012382).\n\n - team: avoid adding twice the same option to the event list (bnc#1012382).\n\n - team: fix netconsole setup over team (bnc#1012382).\n\n - 
test_firmware: fix setting old custom fw path back on exit, second try (bnc#1012382).\n\n - thermal: imx: Fix race condition in imx_thermal_probe() (bnc#1012382).\n\n - thermal: power_allocator: fix one race condition issue for thermal_instances list (bnc#1012382).\n\n - thunderbolt: Resume control channel after hibernation image is created (bnc#1012382).\n\n - tipc: add policy for TIPC_NLA_NET_ADDR (bnc#1012382).\n\n - tracepoint: Do not warn on ENOMEM (bnc#1012382).\n\n - tracing: Fix regex_match_front() to not over compare the test string (bnc#1012382).\n\n - tracing/uprobe_event: Fix strncpy corner case (bnc#1012382).\n\n - tty: Do not call panic() at tty_ldisc_init() (bnc#1012382).\n\n - tty: make n_tty_read() always abort if hangup is in progress (bnc#1012382).\n\n - tty: n_gsm: Allow ADM response in addition to UA for control dlci (bnc#1012382).\n\n - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set (bnc#1012382).\n\n - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode (bnc#1012382).\n\n - tty: provide tty_name() even without CONFIG_TTY (bnc#1012382).\n\n - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bnc#1012382).\n\n - ubi: fastmap: Do not flush fastmap work on detach (bnc#1012382).\n\n - ubi: Fix error for write access (bnc#1012382).\n\n - ubifs: Check ubifs_wbuf_sync() return code (bnc#1012382).\n\n - ubi: Reject MLC NAND (bnc#1012382).\n\n - um: Use POSIX ucontext_t instead of struct ucontext (bnc#1012382).\n\n - Update config files, add expoline for s390x (bsc#1089393).\n\n - Update patches.fixes/0001-md-raid10-fix-NULL-deference-in-handl e_write_complet.patch (bsc#1056415).\n\n - Update patches.fixes/xfs-refactor-log-record-unpack-and-data-pr ocessing.patch (bsc#1043598, bsc#1036215).\n\n - Update patches.suse/powerpc-powernv-Support-firmware-disable-of\n -RFI-flus.patch (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - Update patches.suse/powerpc-pseries-Support-firmware-disable-of\n -RFI-flus.patch (bsc#1068032, 
bsc#1075087, bsc#1091041).\n\n - Update patches.suse/powerpc-rfi-flush-Move-the-logic-to-avoid-a\n -redo-int.patch (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - Update patches.suse/x86-nospectre_v2-means-nospec-too.patch (bsc#1075994 bsc#1075091 bnc#1085958).\n\n - usb: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382 bsc#1092888).\n\n - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).\n\n - usb: chipidea: properly handle host or gadget initialization failure (bnc#1012382).\n\n - usb: core: Add quirk for HP v222w 16GB Mini (bnc#1012382).\n\n - usb: dwc2: Improve gadget state disconnection handling (bnc#1012382).\n\n - usb: dwc3: keystone: check return value (bnc#1012382).\n\n - usb: dwc3: pci: Properly cleanup resource (bnc#1012382).\n\n - usb: ene_usb6250: fix first command execution (bnc#1012382).\n\n - usb: ene_usb6250: fix SCSI residue overwriting (bnc#1012382).\n\n - usb:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw (bnc#1012382).\n\n - usb: gadget: align buffer size when allocating for OUT endpoint (bnc#1012382).\n\n - usb: gadget: change len to size_t on alloc_ep_req() (bnc#1012382).\n\n - usb: gadget: define free_ep_req as universal function (bnc#1012382).\n\n - usb: gadget: f_hid: fix: Prevent accessing released memory (bnc#1012382).\n\n - usb: gadget: fix request length error for isoc transfer (git-fixes).\n\n - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align (bnc#1012382).\n\n - usb: Increment wakeup count on remote wakeup (bnc#1012382).\n\n - usbip: usbip_host: fix to hold parent lock for device_attach() calls (bnc#1012382).\n\n - usbip: vhci_hcd: Fix usb device and sockfd leaks (bnc#1012382).\n\n - usb: musb: gadget: misplaced out of bounds check (bnc#1012382).\n\n - usb: musb: host: fix potential NULL pointer dereference (bnc#1012382).\n\n - usb: serial: cp210x: add ELDAT Easywave RX09 id (bnc#1012382).\n\n - usb: serial: cp210x: add ID for NI USB serial console (bnc#1012382).\n\n - 
usb: serial: ftdi_sio: add RT Systems VX-8 cable (bnc#1012382).\n\n - usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bnc#1012382).\n\n - usb: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster (bnc#1012382).\n\n - usb: serial: option: adding support for ublox R410M (bnc#1012382).\n\n - usb: serial: option: Add support for Quectel EP06 (bnc#1012382).\n\n - usb: serial: option: reimplement interface masking (bnc#1012382).\n\n - usb: serial: simple: add libtransistor console (bnc#1012382).\n\n - usb: serial: visor: handle potential invalid device configuration (bnc#1012382).\n\n - vfb: fix video mode and line_length being set when loaded (bnc#1012382).\n\n - vfio/pci: Virtualize Maximum Payload Size (bnc#1012382).\n\n - vfio/pci: Virtualize Maximum Read Request Size (bnc#1012382).\n\n - vfio-pci: Virtualize PCIe & AF FLR (bnc#1012382).\n\n - vhost: correctly remove wait queue during poll failure (bnc#1012382).\n\n - virtio: add ability to iterate over vqs (bnc#1012382).\n\n - virtio_console: free buffers after reset (bnc#1012382).\n\n - virtio_net: check return value of skb_to_sgvec always (bnc#1012382).\n\n - virtio_net: check return value of skb_to_sgvec in one more location (bnc#1012382).\n\n - vlan: also check phy_driver ts_info for vlan's real device (bnc#1012382).\n\n - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi (bnc#1012382).\n\n - vmxnet3: ensure that adapter is in proper state during force_close (bnc#1012382).\n\n - vrf: Fix use after free and double free in vrf_finish_output (bnc#1012382).\n\n - vt: change SGR 21 to follow the standards (bnc#1012382).\n\n - vti6: better validate user provided tunnel names (bnc#1012382).\n\n - vxlan: dont migrate permanent fdb entries during learn (bnc#1012382).\n\n - watchdog: f71808e_wdt: Fix WD_EN register read (bnc#1012382).\n\n - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).\n\n - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679).\n\n - wl1251: check return 
from call to wl1251_acx_arp_ip_filter (bnc#1012382).\n\n - writeback: fix the wrong congested state variable definition (bnc#1012382).\n\n - writeback: safer lock nesting (bnc#1012382).\n\n - x86/asm: Do not use RBP as a temporary register in csum_partial_copy_generic() (bnc#1012382).\n\n - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).\n\n - x86/bugs: Make sure that _TIF_SSBD does not end up in\n _TIF_ALLWORK_MASK (bsc#1093215).\n\n - x86/bugs: Respect retpoline command line option (bsc#1068032).\n\n - x86/hweight: Do not clobber %rdi (bnc#1012382).\n\n - x86/hweight: Get rid of the special calling convention (bnc#1012382).\n\n - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds (bnc#1012382).\n\n - x86/platform/UV: Add references to access fixed UV4A HUB MMRs (bsc#1076263 #fate#322814).\n\n - x86/platform/uv/BAU: Replace hard-coded values with MMR definitions (bsc#1076263 #fate#322814).\n\n - x86/platform/UV: Fix critical UV MMR address error (bsc#1076263\n\n - x86/platform/UV: Fix GAM MMR changes in UV4A (bsc#1076263 #fate#322814).\n\n - x86/platform/UV: Fix GAM MMR references in the UV x2apic code (bsc#1076263 #fate#322814).\n\n - x86/platform/UV: Fix GAM Range Table entries less than 1GB (bsc#1091325).\n\n - x86/platform/UV: Fix UV4A BAU MMRs (bsc#1076263 #fate#322814).\n\n - x86/platform/UV: Fix UV4A support on new Intel Processors (bsc#1076263 #fate#322814).\n\n - x86/platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case (bsc#1089925).\n\n - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (bsc#1076263 #fate#322814).\n\n - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bnc#1012382).\n\n - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bnc#1012382).\n\n - x86/tsc: Provide 'tsc=unstable' boot parameter (bnc#1012382).\n\n - xen: avoid type warning in xchg_xen_ulong (bnc#1012382).\n\n - xen-netfront: Fix hang on device removal (bnc#1012382).\n\n - xfrm: fix state migration copy 
replay sequence numbers (bnc#1012382).\n\n - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (bnc#1012382).\n\n - xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382).\n\n - xfrm_user: uncoditionally validate esn replay attribute struct (bnc#1012382).\n\n - xfs: always verify the log tail during recovery (bsc#1036215).\n\n - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).\n\n - xfs: detect and trim torn writes during log recovery (bsc#1036215).\n\n - xfs: fix log recovery corruption error due to tail overwrite (bsc#1036215).\n\n - xfs: fix recovery failure when log record header wraps log end (bsc#1036215).\n\n - xfs: handle -EFSCORRUPTED during head/tail verification (bsc#1036215).\n\n - xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012382).\n\n - xfs: refactor and open code log record crc check (bsc#1036215).\n\n - xfs: refactor log record start detection into a new helper (bsc#1036215).\n\n - xfs: return start block of first bad log record during recovery (bsc#1036215).\n\n - xfs: support a crc verification only log record pass (bsc#1036215).\n\n - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD (bsc#1094019).\n\n - watchdog: hpwdt: condition early return of NMI handler on iLO5 (bsc#1085185).\n\n - watchdog: hpwdt: Modify to use watchdog core (bsc#1085185).\n\n - watchdog: hpwdt: Update nmi_panic message (bsc#1085185).\n\n - watchdog: hpwdt: Update Module info and copyright (bsc#1085185).", "cvss3": {}, "published": "2018-05-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-514) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18257", "CVE-2018-1000199", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1065", "CVE-2018-1130", "CVE-2018-3639", "CVE-2018-5803", "CVE-2018-7492", "CVE-2018-8781", "CVE-2018-8822"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", 
"p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kselftests-kmp-debug", "p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-default", "p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla", "p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-514.NASL", "href": "https://www.tenable.com/plugins/nessus/110104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE 
Security Update openSUSE-2018-514.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110104);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-18257\", \"CVE-2018-1000199\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-1065\", \"CVE-2018-1130\", \"CVE-2018-3639\", \"CVE-2018-5803\", \"CVE-2018-7492\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-514) (Spectre)\");\n script_summary(english:\"Check for the openSUSE-2018-514 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-3639: Information leaks using 'Memory\n Disambiguation' feature in modern CPUs were mitigated,\n aka 'Spectre Variant 4' (bnc#1087082).\n\n A new boot commandline option was introduced,\n 'spec_store_bypass_disable', which can have following\n values :\n\n - auto: Kernel detects whether your CPU model contains an\n implementation of Speculative Store Bypass and picks the\n most appropriate mitigation.\n\n - on: disable Speculative Store Bypass\n\n - off: enable Speculative Store Bypass\n\n - prctl: Control Speculative Store Bypass per thread via\n prctl. Speculative Store Bypass is enabled for a process\n by default. 
The state of the control is inherited on\n fork.\n\n - seccomp: Same as 'prctl' above, but all seccomp threads\n will disable SSB unless they explicitly opt out.\n\n The default is 'seccomp', meaning programs need explicit\n opt-in into the mitigation.\n\n Status can be queried via the\n /sys/devices/system/cpu/vulnerabilities/spec_store_bypass\n file, containing :\n\n - 'Vulnerable'\n\n - 'Mitigation: Speculative Store Bypass disabled'\n\n - 'Mitigation: Speculative Store Bypass disabled via\n prctl'\n\n - 'Mitigation: Speculative Store Bypass disabled via prctl\n and seccomp'\n\n - CVE-2017-18257: The __get_data_block function in\n fs/f2fs/data.c allowed local users to cause a denial of\n service (integer overflow and loop) via crafted use of\n the open and fallocate system calls with an\n FS_IOC_FIEMAP ioctl. (bnc#1088241)\n\n - CVE-2018-1130: Linux kernel was vulnerable to a NULL\n pointer dereference in dccp_write_xmit() function in\n net/dccp/output.c in that allowed a local user to cause\n a denial of service by a number of certain crafted\n system calls (bnc#1092904).\n\n - CVE-2018-5803: An error in the _sctp_make_chunk()\n function when handling SCTP, packet length could have\n been exploited by a malicious local user to cause a\n kernel crash and a DoS. 
(bnc#1083900).\n\n - CVE-2018-1065: The netfilter subsystem mishandled the\n case of a rule blob that contains a jump but lacks a\n user-defined chain, which allowed local users to cause a\n denial of service (NULL pointer dereference) by\n leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability,\n related to arpt_do_table in\n net/ipv4/netfilter/arp_tables.c, ipt_do_table in\n net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in\n net/ipv6/netfilter/ip6_tables.c (bnc#1083650).\n\n - CVE-2018-7492: A NULL pointer dereference was found in\n the net/rds/rdma.c __rds_rdma_map() function that\n allowed local attackers to cause a system panic and a\n denial-of-service, related to RDS_GET_MR and\n RDS_GET_MR_FOR_DEST (bnc#1082962).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in\n kernel/signal.c might have allowed local users to cause\n a denial of service via an INT_MIN argument\n (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in\n kernel/exit.c might have allowed local users to cause a\n denial of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2018-8822: Incorrect buffer length handling in the\n ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c\n could be exploited by malicious NCPFS servers to crash\n the kernel or execute code (bnc#1086162).\n\n - CVE-2018-1000199: A bug in x86 debug register handling\n of ptrace() could lead to memory corruption, possibly a\n denial of service or privilege escalation (bsc#1089895).\n\nThe following non-security bugs were fixed :\n\n - acpica: Disassembler: Abort on an invalid/unknown AML\n opcode (bnc#1012382).\n\n - acpica: Events: Add runtime stub support 
for event APIs\n (bnc#1012382).\n\n - acpi / hotplug / PCI: Check presence of slot itself in\n get_slot_status() (bnc#1012382).\n\n - acpi, PCI, irq: remove redundant check for null string\n pointer (bnc#1012382).\n\n - acpi / scan: Send change uevent with offine\n environmental data (bsc#1082485).\n\n - acpi / video: Add quirk to force acpi-video backlight on\n Samsung 670Z5E (bnc#1012382).\n\n - alsa: aloop: Add missing cable lock to ctl API callbacks\n (bnc#1012382).\n\n - alsa: aloop: Mark paused device as inactive\n (bnc#1012382).\n\n - alsa: asihpi: Hardening for potential Spectre v1\n (bnc#1012382).\n\n - alsa: control: Hardening for potential Spectre v1\n (bnc#1012382).\n\n - alsa: core: Report audio_tstamp in snd_pcm_sync_ptr\n (bnc#1012382).\n\n - alsa: hda/conexant - Add fixup for HP Z2 G4 workstation\n (bsc#1092975).\n\n - alsa: hda: Hardening for potential Spectre v1\n (bnc#1012382).\n\n - alsa: hda - New VIA controller suppor no-snoop path\n (bnc#1012382).\n\n - alsa: hda/realtek - Add some fixes for ALC233\n (bnc#1012382).\n\n - alsa: hdspm: Hardening for potential Spectre v1\n (bnc#1012382).\n\n - alsa: line6: Use correct endpoint type for midi output\n (bnc#1012382).\n\n - alsa: opl3: Hardening for potential Spectre v1\n (bnc#1012382).\n\n - alsa: oss: consolidate kmalloc/memset 0 call to kzalloc\n (bnc#1012382).\n\n - alsa: pcm: Avoid potential races between OSS ioctls and\n read/write (bnc#1012382).\n\n - alsa: pcm: Check PCM state at xfern compat ioctl\n (bnc#1012382).\n\n - alsa: pcm: Fix endless loop for XRUN recovery in OSS\n emulation (bnc#1012382).\n\n - alsa: pcm: Fix mutex unbalance in OSS emulation ioctls\n (bnc#1012382).\n\n - alsa: pcm: Fix UAF at PCM release via PCM timer access\n (bnc#1012382).\n\n - alsa: pcm: potential uninitialized return values\n (bnc#1012382).\n\n - alsa: pcm: Return -EBUSY for OSS ioctls changing busy\n streams (bnc#1012382).\n\n - alsa: pcm: Use dma_bytes as size parameter in\n dma_mmap_coherent() 
(bnc#1012382).\n\n - alsa: pcm: Use ERESTARTSYS instead of EINTR in OSS\n emulation (bnc#1012382).\n\n - alsa: rawmidi: Fix missing input substream checks in\n compat ioctls (bnc#1012382).\n\n - alsa: rme9652: Hardening for potential Spectre v1\n (bnc#1012382).\n\n - alsa: seq: Fix races at MIDI encoding in\n snd_virmidi_output_trigger() (bnc#1012382).\n\n - alsa: seq: oss: Fix unbalanced use lock for synth MIDI\n device (bnc#1012382).\n\n - alsa: seq: oss: Hardening for potential Spectre v1\n (bnc#1012382).\n\n - alsa: usb-audio: Skip broken EU on Dell dock USB-audio\n (bsc#1090658).\n\n - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening\n support (bsc#1068032).\n\n - arm64: avoid overflow in VA_START and PAGE_OFFSET\n (bnc#1012382).\n\n - arm64: capabilities: Handle duplicate entries for a\n capability (bsc#1068032).\n\n - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop\n early (bsc#1068032).\n\n - arm64: Enforce BBM for huge IO/VMAP mappings\n (bsc#1088313).\n\n - arm64: fix smccc compilation (bsc#1068032).\n\n - arm64: futex: Fix undefined behaviour with\n FUTEX_OP_OPARG_SHIFT usage (bnc#1012382).\n\n - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround\n (bsc#1068032).\n\n - arm64: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling\n (bsc#1068032).\n\n - arm64: kvm: Increment PC after handling an SMC trap\n (bsc#1068032).\n\n - arm64: kvm: Report SMCCC_ARCH_WORKAROUND_1 BP hardening\n support (bsc#1068032).\n\n - arm64: mm: fix thinko in non-global page table attribute\n check (bsc#1088050).\n\n - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery\n (bsc#1068032).\n\n - arm: amba: Do not read past the end of sysfs\n 'driver_override' buffer (bnc#1012382).\n\n - arm: amba: Fix race condition with driver_override\n (bnc#1012382).\n\n - arm: amba: Make driver_override output consistent with\n other buses (bnc#1012382).\n\n - arm/arm64: kvm: Add PSCI_VERSION helper (bsc#1068032).\n\n - arm/arm64: kvm: Add smccc accessors to PSCI code\n (bsc#1068032).\n\n 
- arm/arm64: kvm: Advertise SMCCC v1.1 (bsc#1068032).\n\n - arm/arm64: kvm: Consolidate the PSCI include files\n (bsc#1068032).\n\n - arm/arm64: kvm: Implement PSCI 1.0 support\n (bsc#1068032).\n\n - arm/arm64: kvm: Turn kvm_psci_version into a static\n inline (bsc#1068032).\n\n - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive\n (bsc#1068032).\n\n - arm/arm64: smccc: Make function identifiers an unsigned\n quantity (bsc#1068032).\n\n - arm: davinci: da8xx: Create DSP device only when\n assigned memory (bnc#1012382).\n\n - arm: dts: am57xx-beagle-x15-common: Add overide\n powerhold property (bnc#1012382).\n\n - arm: dts: at91: at91sam9g25: fix mux-mask pinctrl\n property (bnc#1012382).\n\n - arm: dts: at91: sama5d4: fix pinctrl compatible string\n (bnc#1012382).\n\n - arm: dts: dra7: Add power hold and power controller\n properties to palmas (bnc#1012382).\n\n - arm: dts: imx53-qsrb: Pulldown PMIC IRQ pin\n (bnc#1012382).\n\n - arm: dts: imx6qdl-wandboard: Fix audio channel swap\n (bnc#1012382).\n\n - arm: dts: ls1021a: add 'fsl,ls1021a-esdhc' compatible\n string to esdhc node (bnc#1012382).\n\n - arm: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull\n (bnc#1012382).\n\n - arp: fix arp_filter on l3slave devices (bnc#1012382).\n\n - arp: honour gratuitous ARP _replies_ (bnc#1012382).\n\n - ASoC: fsl_esai: Fix divisor calculation failure at lower\n ratio (bnc#1012382).\n\n - ASoC: Intel: cht_bsw_rt5645: Analog Mic support\n (bnc#1012382).\n\n - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382).\n\n - ASoC: ssm2602: Replace reg_default_raw with reg_default\n (bnc#1012382).\n\n - async_tx: Fix DMA_PREP_FENCE usage in\n do_async_gen_syndrome() (bnc#1012382).\n\n - ata: libahci: properly propagate return value of\n platform_get_irq() (bnc#1012382).\n\n - ath10k: fix rfc1042 header retrieval in QCA4019 with eth\n decap mode (bnc#1012382).\n\n - ath10k: rebuild crypto header in rx data frames\n (bnc#1012382).\n\n - ath5k: fix memory leak on buf on failed eeprom 
read\n (bnc#1012382).\n\n - ath9k_hw: check if the chip failed to wake up\n (bnc#1012382).\n\n - atm: zatm: Fix potential Spectre v1 (bnc#1012382).\n\n - audit: add tty field to LOGIN event (bnc#1012382).\n\n - autofs: mount point create should honour passed in mode\n (bnc#1012382).\n\n - bcache: segregate flash only volume write streams\n (bnc#1012382).\n\n - bcache: stop writeback thread after detaching\n (bnc#1012382).\n\n - bdi: Fix oops in wb_workfn() (bnc#1012382).\n\n - blacklist.conf: Add an omapdrm entry (bsc#1090708,\n bsc#1090718)\n\n - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in\n blk_mq_ct_ctx_init() (bsc#1085058).\n\n - blk-mq: fix kernel oops in blk_mq_tag_idle()\n (bnc#1012382).\n\n - block: correctly mask out flags in blk_rq_append_bio()\n (bsc#1085058).\n\n - block/loop: fix deadlock after loop_set_status\n (bnc#1012382).\n\n - block: sanity check for integrity intervals\n (bsc#1091728).\n\n - bluetooth: Fix missing encryption refresh on Security\n Request (bnc#1012382).\n\n - bluetooth: Send HCI Set Event Mask Page 2 command only\n when needed (bnc#1012382).\n\n - bna: Avoid reading past end of buffer (bnc#1012382).\n\n - bnx2x: Allow vfs to disable txvlan offload\n (bnc#1012382).\n\n - bonding: do not set slave_dev npinfo before\n slave_enable_netpoll in bond_enslave (bnc#1012382).\n\n - bonding: Do not update slave->link until ready to commit\n (bnc#1012382).\n\n - bonding: fix the err path for dev hwaddr sync in\n bond_enslave (bnc#1012382).\n\n - bonding: move dev_mc_sync after master_upper_dev_link in\n bond_enslave (bnc#1012382).\n\n - bonding: process the err returned by dev_set_allmulti\n properly in bond_enslave (bnc#1012382).\n\n - bpf: map_get_next_key to return first key on NULL\n (bnc#1012382).\n\n - btrfs: fix incorrect error return ret being passed to\n mapping_set_error (bnc#1012382).\n\n - btrfs: Fix wrong first_key parameter in replace_path\n (Followup fix for bsc#1084721).\n\n - btrfs: Only check first key for committed tree 
blocks\n (bsc#1084721).\n\n - btrfs: Validate child tree block's level and first key\n (bsc#1084721).\n\n - bus: brcmstb_gisb: correct support for 64-bit address\n output (bnc#1012382).\n\n - bus: brcmstb_gisb: Use register offsets with writes too\n (bnc#1012382).\n\n - can: kvaser_usb: Increase correct stats counter in\n kvaser_usb_rx_can_msg() (bnc#1012382).\n\n - cdc_ether: flag the Cinterion AHS8 modem by gemalto as\n WWAN (bnc#1012382).\n\n - cdrom: information leak in cdrom_ioctl_media_changed()\n (bnc#1012382).\n\n - ceph: adding protection for showing cap reservation info\n (bsc#1089115).\n\n - ceph: always update atime/mtime/ctime for new inode\n (bsc#1089115).\n\n - ceph: check if mds create snaprealm when setting quota\n (fate#324665 bsc#1089115).\n\n - ceph: do not check quota for snap inode (fate#324665\n bsc#1089115).\n\n - ceph: fix invalid point dereference for error case in\n mdsc destroy (bsc#1089115).\n\n - ceph: fix root quota realm check (fate#324665\n bsc#1089115).\n\n - ceph: fix rsize/wsize capping in\n ceph_direct_read_write() (bsc#1089115).\n\n - ceph: quota: add counter for snaprealms with quota\n (fate#324665 bsc#1089115).\n\n - ceph: quota: add initial infrastructure to support\n cephfs quotas (fate#324665 bsc#1089115).\n\n - ceph: quota: cache inode pointer in ceph_snap_realm\n (fate#324665 bsc#1089115).\n\n - ceph: quota: do not allow cross-quota renames\n (fate#324665 bsc#1089115).\n\n - ceph: quota: report root dir quota usage in statfs\n (fate#324665 bsc#1089115).\n\n - ceph: quota: support for ceph.quota.max_bytes\n (fate#324665 bsc#1089115).\n\n - ceph: quota: support for ceph.quota.max_files\n (fate#324665 bsc#1089115).\n\n - ceph: quota: update MDS when max_bytes is approaching\n (fate#324665 bsc#1089115).\n\n - cfg80211: make RATE_INFO_BW_20 the default\n (bnc#1012382).\n\n - ch9200: use skb_cow_head() to deal with cloned skbs\n (bsc#1088684).\n\n - cifs: do not allow creating sockets except with SMB1\n posix exensions 
(bnc#1012382).\n\n - cifs: silence compiler warnings showing up with\n gcc-8.0.0 (bsc#1090734).\n\n - cifs: silence lockdep splat in cifs_relock_file()\n (bnc#1012382).\n\n - cifs: Use file_dentry() (bsc#1093008).\n\n - clk: bcm2835: De-assert/assert PLL reset signal when\n appropriate (bnc#1012382).\n\n - clk: Fix __set_clk_rates error print-string\n (bnc#1012382).\n\n - clk: mvebu: armada-38x: add support for 1866MHz variants\n (bnc#1012382).\n\n - clk: mvebu: armada-38x: add support for missing clocks\n (bnc#1012382).\n\n - clk: scpi: fix return type of __scpi_dvfs_round_rate\n (bnc#1012382).\n\n - clocksource/drivers/arm_arch_timer: Avoid infinite\n recursion when ftrace is enabled (bsc#1090225).\n\n - cpumask: Add helper cpumask_available() (bnc#1012382).\n\n - crypto: af_alg - fix possible uninit-value in alg_bind()\n (bnc#1012382).\n\n - crypto: ahash - Fix early termination in hash walk\n (bnc#1012382).\n\n - crypto: x86/cast5-avx - fix ECB encryption when long sg\n follows short one (bnc#1012382).\n\n - cx25840: fix unchecked return values (bnc#1012382).\n\n - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382).\n\n - cxgb4: Fix queue free path of ULD drivers (bsc#1022743\n FATE#322540).\n\n - cxgb4: FW upgrade fixes (bnc#1012382).\n\n - cxgb4vf: Fix SGE FL buffer initialization logic for 64K\n pages (bnc#1012382).\n\n - dccp: initialize ireq->ir_mark (bnc#1012382).\n\n - dmaengine: at_xdmac: fix rare residue corruption\n (bnc#1012382).\n\n - dmaengine: imx-sdma: Handle return value of\n clk_prepare_enable (bnc#1012382).\n\n - dm ioctl: remove double parentheses (bnc#1012382).\n\n - Documentation: pinctrl: palmas: Add\n ti,palmas-powerhold-override property definition\n (bnc#1012382).\n\n - Do not leak MNT_INTERNAL away from internal mounts\n (bnc#1012382).\n\n - drivers/infiniband/core/verbs.c: fix build with\n gcc-4.4.4 (FATE#321732).\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with\n gcc-4.4.4 (bnc#1024296,FATE#321265).\n\n - 
drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple\n integer overflow tests (bnc#1012382).\n\n - drm/omap: fix tiled buffer stride calculations\n (bnc#1012382).\n\n - drm/radeon: Fix PCIe lane width calculation\n (bnc#1012382).\n\n - drm/virtio: fix vq wait_event condition (bnc#1012382).\n\n - drm/vmwgfx: Fix a buffer object leak (bnc#1012382).\n\n - e1000e: fix race condition around skb_tstamp_tx()\n (bnc#1012382).\n\n - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails\n (bnc#1012382).\n\n - EDAC, mv64x60: Fix an error handling path (bnc#1012382).\n\n - Enable uinput driver (bsc#1092566).\n\n - esp: Fix memleaks on error paths (git-fixes).\n\n - ext4: add validity checks for bitmap block numbers\n (bnc#1012382).\n\n - ext4: bugfix for mmaped pages in\n mpage_release_unused_pages() (bnc#1012382).\n\n - ext4: do not allow r/w mounts if metadata blocks overlap\n the superblock (bnc#1012382).\n\n - ext4: do not update checksum of new initialized bitmaps\n (bnc#1012382).\n\n - ext4: fail ext4_iget for root directory if unallocated\n (bnc#1012382).\n\n - ext4: fix bitmap position validation (bnc#1012382).\n\n - ext4: fix deadlock between inline_data and\n ext4_expand_extra_isize_ea() (bnc#1012382).\n\n - ext4: Fix hole length detection in ext4_ind_map_blocks()\n (bsc#1090953).\n\n - ext4: fix off-by-one on max nr_pages in\n ext4_find_unwritten_pgoff() (bnc#1012382).\n\n - ext4: prevent right-shifting extents beyond\n EXT_MAX_BLOCKS (bnc#1012382).\n\n - ext4: set h_journal if there is a failure starting a\n reserved handle (bnc#1012382).\n\n - fanotify: fix logic of events on child (bnc#1012382).\n\n - firmware/psci: Expose PSCI conduit (bsc#1068032).\n\n - firmware/psci: Expose SMCCC version through psci_ops\n (bsc#1068032).\n\n - fix race in drivers/char/random.c:get_reg()\n (bnc#1012382).\n\n - frv: declare jiffies to be located in the .data section\n (bnc#1012382).\n\n - fs: compat: Remove warning from COMPATIBLE_IOCTL\n (bnc#1012382).\n\n - fs/proc: Stop 
trying to report thread stacks\n (bnc#1012382).\n\n - fs/reiserfs/journal.c: add missing resierfs_warning()\n arg (bnc#1012382).\n\n - genirq: Use cpumask_available() for check of cpumask\n variable (bnc#1012382).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (bnc#1012382).\n\n - gpio: label descriptors using the device name\n (bnc#1012382).\n\n - gpmi-nand: Handle ECC Errors in erased pages\n (bnc#1012382).\n\n - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl\n (bnc#1012382).\n\n - HID: core: Fix size as type u32 (bnc#1012382).\n\n - HID: Fix hid_report_len usage (bnc#1012382).\n\n - HID: hidraw: Fix crash on HIDIOCGFEATURE with a\n destroyed device (bnc#1012382).\n\n - HID: i2c-hid: fix size check and type usage\n (bnc#1012382).\n\n - hwmon: (ina2xx) Fix access to uninitialized mutex\n (git-fixes).\n\n - hwmon: (ina2xx) Make calibration register value fixed\n (bnc#1012382).\n\n - hypfs_kill_super(): deal with failed allocations\n (bnc#1012382).\n\n - i40iw: Free IEQ resources (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n\n - IB/core: Fix possible crash to access NULL netdev\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - IB/core: Generate GID change event regardless of RoCE\n GID table property (bsc#966191 FATE#320230 bsc#966186\n FATE#320228).\n\n - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191\n FATE#320230 bsc#966186 FATE#320228).\n\n - IB/mlx4: Include GID type when deleting GIDs from HW\n table under RoCE (bsc#966191 FATE#320230 bsc#966186\n FATE#320228).\n\n - IB/mlx5: Avoid passing an invalid QP type to firmware\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: Fix incorrect size of klms in the memory region\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: Fix out-of-bounds read in\n create_raw_packet_qp_rq (bsc#966170 FATE#320225\n bsc#966172 
FATE#320226).\n\n - IB/mlx5: revisit -Wmaybe-uninitialized warning\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - IB/mlx5: Set the default active rate and width to QDR\n and 4X (bsc#1015342 FATE#321688 bsc#1015343\n FATE#321689).\n\n - IB/mlx5: Use unlimited rate when static rate is not\n supported (bnc#1012382).\n\n - ibmvnic: Clean actual number of RX or TX pools\n (bsc#1092289).\n\n - ibmvnic: Clear pending interrupt after device reset\n (bsc#1089644).\n\n - ibmvnic: Define vnic_login_client_data name field as\n unsized array (bsc#1089198).\n\n - ibmvnic: Disable irqs before exiting reset from closed\n state (bsc#1084610).\n\n - ibmvnic: Do not notify peers on parameter change resets\n (bsc#1089198).\n\n - ibmvnic: Do not reset CRQ for Mobility driver resets\n (bsc#1088600).\n\n - ibmvnic: Fix DMA mapping mistakes (bsc#1088600).\n\n - ibmvnic: Fix failover case for non-redundant\n configuration (bsc#1088600).\n\n - ibmvnic: Fix non-fatal firmware error reset\n (bsc#1093990).\n\n - ibmvnic: Fix reset scheduler error handling\n (bsc#1088600).\n\n - ibmvnic: Fix statistics buffers memory leak\n (bsc#1093990).\n\n - ibmvnic: Free coherent DMA memory if FW map failed\n (bsc#1093990).\n\n - ibmvnic: Handle all login error conditions\n (bsc#1089198).\n\n - ibmvnic: Zero used TX descriptor counter on reset\n (bsc#1088600).\n\n - ib/srp: Fix completion vector assignment algorithm\n (bnc#1012382).\n\n - ib/srp: Fix srp_abort() (bnc#1012382).\n\n - ib/srpt: Fix abort handling (bnc#1012382).\n\n - ib/srpt: Fix an out-of-bounds stack access in\n srpt_zerolength_write() (bnc#1024296,FATE#321265).\n\n - iio: hi8435: avoid garbage event at first enable\n (bnc#1012382).\n\n - iio: hi8435: cleanup reset gpio (bnc#1012382).\n\n - iio: magnetometer: st_magn_spi: fix spi_device_id table\n (bnc#1012382).\n\n - input: ALPS - fix multi-touch decoding on SS4 plus\n touchpads (git-fixes).\n\n - input: ALPS - fix trackstick button handling on V8\n devices (git-fixes).\n\n - 
input: ALPS - fix TrackStick support for SS5 hardware\n (git-fixes).\n\n - input: ALPS - fix two-finger scroll breakage in right\n side on ALPS touchpad (git-fixes).\n\n - input: atmel_mxt_ts - add touchpad button mapping for\n Samsung Chromebook Pro (bnc#1012382).\n\n - input: drv260x - fix initializing overdrive voltage\n (bnc#1012382).\n\n - input: elan_i2c - check if device is there before really\n probing (bnc#1012382).\n\n - input: elan_i2c - clear INT before resetting controller\n (bnc#1012382).\n\n - input: elantech - force relative mode on a certain\n module (bnc#1012382).\n\n - input: i8042 - add Lenovo ThinkPad L460 to i8042 reset\n list (bnc#1012382).\n\n - input: i8042 - enable MUX on Sony VAIO VGN-CS series to\n fix touchpad (bnc#1012382).\n\n - input: leds - fix out of bound access (bnc#1012382).\n\n - input: mousedev - fix implicit conversion warning\n (bnc#1012382).\n\n - iommu/vt-d: Fix a potential memory leak (bnc#1012382).\n\n - ip6_gre: better validate user provided tunnel names\n (bnc#1012382).\n\n - ip6_tunnel: better validate user provided tunnel names\n (bnc#1012382).\n\n - ipc/shm: fix use-after-free of shm file via\n remap_file_pages() (bnc#1012382).\n\n - ipmi: create hardware-independent softdep for\n ipmi_devintf (bsc#1009062, bsc#1060799).\n\n - ipmi_ssif: Fix kernel panic at msg_done_handler\n (bsc#1088871).\n\n - ipsec: check return value of skb_to_sgvec always\n (bnc#1012382).\n\n - ip_tunnel: better validate user provided tunnel names\n (bnc#1012382).\n\n - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy\n (bnc#1012382).\n\n - ipv6: avoid dad-failures for addresses with NODAD\n (bnc#1012382).\n\n - ipv6: sit: better validate user provided tunnel names\n (bnc#1012382).\n\n - ipv6: the entire IPv6 header chain must fit the first\n fragment (bnc#1012382).\n\n - ipvs: fix rtnl_lock lockups caused by start_sync_thread\n (bnc#1012382).\n\n - iw_cxgb4: print mapped ports correctly (bsc#321658\n FATE#1005778 bsc#321660 FATE#1005780 
bsc#321661\n FATE#1005781).\n\n - jbd2: fix use after free in kjournald2() (bnc#1012382).\n\n - jbd2: if the journal is aborted then do not allow update\n of the log tail (bnc#1012382).\n\n - jffs2_kill_sb(): deal with failed allocations\n (bnc#1012382).\n\n - jiffies.h: declare jiffies and jiffies_64 with\n ____cacheline_aligned_in_smp (bnc#1012382).\n\n - kABI: add tty include to audit.c (kabi).\n\n - kABI: protect hid report functions (kabi).\n\n - kABI: protect jiffies types (kabi).\n\n - kABI: protect skb_to_sgvec* (kabi).\n\n - kABI: protect sound/timer.h include in sound pcm.c\n (kabi).\n\n - kABI: protect struct ath10k_hw_params (kabi).\n\n - kABI: protect struct cstate (kabi).\n\n - kABI: protect struct _lowcore (kabi).\n\n - kABI: protect tty include in audit.h (kabi).\n\n - kabi/severities: Ignore kgr_shadow_* kABI changes\n\n - kbuild: provide a __UNIQUE_ID for clang (bnc#1012382).\n\n - kexec_file: do not add extra alignment to efi memmap\n (bsc#1044596).\n\n - keys: DNS: limit the length of option strings\n (bnc#1012382).\n\n - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv\n kthread (bsc#1094033, fate#313296).\n\n - kGraft: fix small race in reversion code (bsc#1083125).\n\n - kobject: do not use WARN for registration failures\n (bnc#1012382).\n\n - kvm: Fix nopvspin static branch init usage\n (bsc#1056427).\n\n - kvm: Introduce nopvspin kernel parameter (bsc#1056427).\n\n - kvm: nVMX: Fix handling of lmsw instruction\n (bnc#1012382).\n\n - kvm: PPC: Book3S PR: Check copy_to/from_user return\n values (bnc#1012382).\n\n - kvm: s390: Enable all facility bits that are known good\n for passthrough (FATE#324071 LTC#158956 bnc#1012382\n bsc#1073059 bsc#1076805).\n\n - kvm: SVM: do not zero out segment attributes if segment\n is unusable or not present (bnc#1012382).\n\n - l2tp: check sockaddr length in pppol2tp_connect()\n (bnc#1012382).\n\n - l2tp: fix missing print session offset info\n (bnc#1012382).\n\n - lan78xx: Correctly indicate invalid OTP 
(bnc#1012382).\n\n - leds: pca955x: Correct I2C Functionality (bnc#1012382).\n\n - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs\n (bnc#1012382).\n\n - libceph, ceph: change permission for readonly debugfs\n entries (bsc#1089115).\n\n - libceph: fix misjudgement of maximum monitor number\n (bsc#1089115).\n\n - libceph: reschedule a tick in finish_hunting()\n (bsc#1089115).\n\n - libceph: un-backoff on tick when we have a authenticated\n session (bsc#1089115).\n\n - libceph: validate con->state at the top of try_write()\n (bsc#1089115).\n\n - livepatch: Allow to call a custom callback when freeing\n shadow variables (bsc#1082299 fate#313296).\n\n - livepatch: Initialize shadow variables safely by a\n custom callback (bsc#1082299 fate#313296).\n\n - llc: delete timers synchronously in llc_sk_free()\n (bnc#1012382).\n\n - llc: fix NULL pointer deref for SOCK_ZAPPED\n (bnc#1012382).\n\n - llc: hold llc_sap before release_sock() (bnc#1012382).\n\n - llist: clang: introduce member_address_is_nonnull()\n (bnc#1012382).\n\n - lockd: fix lockd shutdown race (bnc#1012382).\n\n - lockd: lost rollback of set_grace_period() in\n lockd_down_net() (git-fixes).\n\n - mac80211: Add RX flag to indicate ICV stripped\n (bnc#1012382).\n\n - mac80211: allow not sending MIC up from driver for HW\n crypto (bnc#1012382).\n\n - mac80211: allow same PN for AMSDU sub-frames\n (bnc#1012382).\n\n - mac80211: bail out from prep_connection() if a reconfig\n is ongoing (bnc#1012382).\n\n - mceusb: sporadic RX truncation corruption fix\n (bnc#1012382).\n\n - md: document lifetime of internal rdev pointer\n (bsc#1056415).\n\n - md: fix two problems with setting the 're-add' device\n state (bsc#1089023).\n\n - md: only allow remove_and_add_spares when no sync_thread\n running (bsc#1056415).\n\n - md raid10: fix NULL deference in\n handle_write_completed() (git-fixes).\n\n - md/raid10: reset the 'first' at the end of loop\n (bnc#1012382).\n\n - md/raid5: make use of spin_lock_irq over\n 
local_irq_disable + spin_lock (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: do not oops on overlay\n (bnc#1012382).\n\n - media: videobuf2-core: do not go out of the buffer range\n (bnc#1012382).\n\n - mei: remove dev_err message on an unsupported ioctl\n (bnc#1012382).\n\n - mISDN: Fix a sleep-in-atomic bug (bnc#1012382).\n\n - mlx5: fix bug reading rss_hash_type from CQE\n (bnc#1012382).\n\n - mmc: dw_mmc: Fix the DTO/CTO timeout overflow\n calculation for 32-bit systems (bsc#1088267).\n\n - mmc: jz4740: Fix race condition in IRQ mask update\n (bnc#1012382).\n\n - mm/filemap.c: fix NULL pointer in\n page_cache_tree_insert() (bnc#1012382).\n\n - mm, slab: reschedule cache_reap() on the same CPU\n (bnc#1012382).\n\n - mtd: cfi: cmdset_0001: Do not allow read/write to\n suspend erase block (bnc#1012382).\n\n - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend\n bug (bnc#1012382).\n\n - mtd: cfi: cmdset_0002: Do not allow read/write to\n suspend erase block (bnc#1012382).\n\n - mtd: jedec_probe: Fix crash in jedec_read_mfr()\n (bnc#1012382).\n\n - neighbour: update neigh timestamps iff update is\n effective (bnc#1012382).\n\n - net: af_packet: fix race in PACKET_(R|T)X_RING\n (bnc#1012382).\n\n - net: atm: Fix potential Spectre v1 (bnc#1012382).\n\n - net: cavium: liquidio: fix up 'Avoid dma_unmap_single on\n uninitialized ndata' (bnc#1012382).\n\n - net: cdc_ncm: Fix TX zero padding (bnc#1012382).\n\n - net: emac: fix reset timeout with AR8035 phy\n (bnc#1012382).\n\n - net: ethernet: ti: cpsw: adjust cpsw fifos depth for\n fullduplex flow control (bnc#1012382).\n\n - netfilter: bridge: ebt_among: add more missing match\n size checks (bnc#1012382).\n\n - netfilter: ctnetlink: fix incorrect nf_ct_put during\n hash resize (bnc#1012382).\n\n - netfilter: ctnetlink: Make some parameters integer to\n avoid enum mismatch (bnc#1012382).\n\n - netfilter: nf_nat_h323: fix logical-not-parentheses\n warning (bnc#1012382).\n\n - netfilter: x_tables: add and use 
xt_check_proc_name\n (bnc#1012382).\n\n - net: fix deadlock while clearing neighbor proxy table\n (bnc#1012382).\n\n - net: fix possible out-of-bound read in\n skb_network_protocol() (bnc#1012382).\n\n - net: fix rtnh_ok() (bnc#1012382).\n\n - net: fix uninit-value in __hw_addr_add_ex()\n (bnc#1012382).\n\n - net: fool proof dev_valid_name() (bnc#1012382).\n\n - net: freescale: fix potential NULL pointer dereference\n (bnc#1012382).\n\n - net: hns: Fix ethtool private flags (bnc#1012382\n bsc#1085511).\n\n - net: hns: Fix ethtool private flags (bsc#1085511).\n\n - net: ieee802154: fix net_device reference release too\n early (bnc#1012382).\n\n - net: initialize skb->peeked when cloning (bnc#1012382).\n\n - net/ipv6: Fix route leaking between VRFs (bnc#1012382).\n\n - net/ipv6: Increment OUTxxx counters after netfilter hook\n (bnc#1012382).\n\n - netlink: fix uninit-value in netlink_sendmsg\n (bnc#1012382).\n\n - netlink: make sure nladdr has correct size in\n netlink_connect() (bnc#1012382).\n\n - net: llc: add lock_sock in llc_ui_bind to avoid a race\n condition (bnc#1012382).\n\n - net/mlx4: Check if Granular QoS per VF has been enabled\n before updating QP qos_vport (bnc#1012382).\n\n - net/mlx4_core: Fix memory leak while delete slave's\n resources (bsc#966191 FATE#320230 bsc#966186\n FATE#320228).\n\n - net/mlx4_en: Avoid adding steering rules with invalid\n ring (bnc#1012382).\n\n - net/mlx4_en: Fix mixed PFC and Global pause user control\n requests (bsc#1015336 FATE#321685 bsc#1015337\n FATE#321686 bsc#1015340 FATE#321687).\n\n - net/mlx4: Fix the check in attaching steering rules\n (bnc#1012382).\n\n - net/mlx5: avoid build warning for uniprocessor\n (bnc#1012382).\n\n - net/mlx5e: Add error print in ETS init (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Check support before TC swap in ETS init\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: E-Switch, Use the name of static array\n instead of its address 
(bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n\n - net/mlx5e: Remove unused define\n MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n\n - net/mlx5: Fix error handling in load one (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5: Tolerate irq_set_affinity_hint() failures\n (bnc#1012382).\n\n - net: move somaxconn init from sysctl code (bnc#1012382).\n\n - net: phy: avoid genphy_aneg_done() for PHYs without\n clause 22 support (bnc#1012382).\n\n - net: qca_spi: Fix alignment issues in rx path\n (bnc#1012382).\n\n - net sched actions: fix dumping which requires several\n messages to user space (bnc#1012382).\n\n - net/sched: fix NULL dereference in the error path of\n tcf_bpf_init() (bnc#1012382).\n\n - net: usb: qmi_wwan: add support for ublox R410M PID\n 0x90b2 (bnc#1012382).\n\n - net: validate attribute sizes in neigh_dump_table()\n (bnc#1012382).\n\n - net: x25: fix one potential use-after-free issue\n (bnc#1012382).\n\n - net: xfrm: use preempt-safe this_cpu_read() in\n ipcomp_alloc_tfms() (bnc#1012382).\n\n - nfsv4.1: RECLAIM_COMPLETE must handle\n NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382).\n\n - nfsv4.1: Work around a Linux server bug.. 
(bnc#1012382).\n\n - nospec: Kill array_index_nospec_mask_check()\n (bnc#1012382).\n\n - nospec: Move array_index_nospec() parameter checking\n into separate macro (bnc#1012382).\n\n - nvme: target: fix buffer overflow (FATE#321732\n FATE#321590 bsc#993388).\n\n - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).\n\n - ocfs2/dlm: wait for dlm recovery done when migrating all\n lock resources (bsc#1070404).\n\n - ovl: filter trusted xattr for non-admin (bnc#1012382).\n\n - packet: fix bitfield update race (bnc#1012382).\n\n - parisc: Fix out of array access in match_pci_device()\n (bnc#1012382).\n\n - parport_pc: Add support for WCH CH382L PCI-E single\n parallel port card (bnc#1012382).\n\n - partitions/msdos: Unable to mount UFS 44bsd partitions\n (bnc#1012382).\n\n - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup()\n (bsc#1084699).\n\n - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices\n (bsc#981348).\n\n - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant\n (bnc#1012382).\n\n - percpu: include linux/sched.h for cond_resched()\n (bnc#1012382).\n\n - perf/core: Correct event creation with PERF_FORMAT_GROUP\n (bnc#1012382).\n\n - perf/core: Fix locking for children siblings group read\n (git-fixes).\n\n - perf/core: Fix possible Spectre-v1 indexing for\n ->aux_pages[] (bnc#1012382).\n\n - perf/core: Fix the perf_cpu_time_max_percent check\n (bnc#1012382).\n\n - perf header: Set proper module name when build-id event\n found (bnc#1012382).\n\n - perf/hwbp: Simplify the perf-hwbp code, fix\n documentation (bnc#1012382).\n\n - perf intel-pt: Fix error recovery from missing TIP\n packet (bnc#1012382).\n\n - perf intel-pt: Fix overlap detection to identify\n consecutive buffers correctly (bnc#1012382).\n\n - perf intel-pt: Fix sync_switch (bnc#1012382).\n\n - perf intel-pt: Fix timestamp following overflow\n (bnc#1012382).\n\n - perf probe: Add warning message if there is unexpected\n event name (bnc#1012382).\n\n - perf: Remove superfluous allocation error check\n 
(bnc#1012382).\n\n - perf report: Ensure the perf DSO mapping matches what\n libdw sees (bnc#1012382).\n\n - perf: Return proper values for user stack errors\n (bnc#1012382).\n\n - perf tests: Decompress kernel module before objdump\n (bnc#1012382).\n\n - perf tools: Fix copyfile_offset update of output offset\n (bnc#1012382).\n\n - perf trace: Add mmap alias for s390 (bnc#1012382).\n\n - perf/x86/cstate: Fix possible Spectre-v1 indexing for\n pkg_msr (bnc#1012382).\n\n - perf/x86: Fix possible Spectre-v1 indexing for\n hw_perf_event cache_* (bnc#1012382).\n\n - perf/x86: Fix possible Spectre-v1 indexing for\n x86_pmu::event_map() (bnc#1012382).\n\n - perf/x86/msr: Fix possible Spectre-v1 indexing in the\n MSR driver (bnc#1012382).\n\n - pidns: disable pid allocation if pid_ns_prepare_proc()\n is failed in alloc_pid() (bnc#1012382).\n\n - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to\n no_hw_rfkill (bsc#1093035).\n\n - pNFS/flexfiles: missing error code in\n ff_layout_alloc_lseg() (bnc#1012382).\n\n - powerpc/64: Fix smp_wmb barrier definition use use\n lwsync consistently (bnc#1012382).\n\n - powerpc/64s: Add barrier_nospec (bsc#1068032,\n bsc#1080157).\n\n - powerpc/64s: Add support for ori barrier_nospec patching\n (bsc#1068032, bsc#1080157).\n\n - powerpc/64s: Enable barrier_nospec based on firmware\n settings (bsc#1068032, bsc#1080157).\n\n - powerpc/64s: Enhance the information in\n cpu_show_meltdown() (bsc#1068032, bsc#1075087,\n bsc#1091041).\n\n - powerpc/64s: Enhance the information in\n cpu_show_spectre_v1() (bsc#1068032).\n\n - powerpc/64s: Fix section mismatch warnings from\n setup_rfi_flush() (bsc#1068032, bsc#1075087,\n bsc#1091041).\n\n - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032,\n bsc#1075087, bsc#1091041).\n\n - powerpc/64s: Patch barrier_nospec in modules\n (bsc#1068032, bsc#1080157).\n\n - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032,\n bsc#1075087, bsc#1091041).\n\n - powerpc/64s: Wire up cpu_show_spectre_v2() 
(bsc#1068032,\n bsc#1075087, bsc#1091041).\n\n - powerpc/64: Use barrier_nospec in syscall entry\n (bsc#1068032, bsc#1080157).\n\n - powerpc: Add security feature flags for Spectre/Meltdown\n (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting\n TCR[DIE] (bnc#1012382).\n\n - powerpc: conditionally compile platform-specific serial\n drivers (bsc#1066223).\n\n - powerpc/crash: Remove the test for cpu_online in the IPI\n callback (bsc#1088242).\n\n - powerpc: Do not send system reset request through the\n oops path (bsc#1088242).\n\n - powerpc/eeh: Fix enabling bridge MMIO windows\n (bnc#1012382).\n\n - powerpc/fadump: Do not use hugepages when fadump is\n active (bsc#1092772).\n\n - powerpc/fadump: exclude memory holes while reserving\n memory in second kernel (bsc#1092772).\n\n - powerpc/lib: Fix off-by-one in alternate feature\n patching (bnc#1012382).\n\n - powerpc/mm: allow memory hotplug into a memoryless node\n (bsc#1090663).\n\n - powerpc/mm: Allow memory hotplug into an offline node\n (bsc#1090663).\n\n - powerpc: Move default security feature flags\n (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/powernv: define a standard delay for OPAL_BUSY\n type retry loops (bnc#1012382).\n\n - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops\n (bnc#1012382).\n\n - powerpc/powernv: Handle unknown OPAL errors in\n opal_nvram_write() (bnc#1012382).\n\n - powerpc/powernv: Set or clear security feature flags\n (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/powernv: Use the security flags in\n pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087,\n bsc#1091041).\n\n - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags\n (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Fix clearing of security feature flags\n (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Restore default security feature flags\n on setup (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Set 
or clear security feature flags\n (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/pseries: Use the security flags in\n pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087,\n bsc#1091041).\n\n - powerpc/rfi-flush: Always enable fallback flush on\n pseries (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/rfi-flush: Differentiate enabled and patched\n flush types (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - powerpc/rfi-flush: Make it possible to call\n setup_rfi_flush() again (bsc#1068032, bsc#1075087,\n bsc#1091041).\n\n - powerpc: signals: Discard transaction state from signal\n frames (bsc#1094059).\n\n - powerpc/spufs: Fix coredump of SPU contexts\n (bnc#1012382).\n\n - powerpc: System reset avoid interleaving oops using die\n synchronisation (bsc#1088242).\n\n - powerpc: Use barrier_nospec in copy_from_user()\n (bsc#1068032, bsc#1080157).\n\n - pppoe: check sockaddr length in pppoe_connect()\n (bnc#1012382).\n\n - pptp: remove a buggy dst release in pptp_connect()\n (bnc#1012382).\n\n - qlge: Avoid reading past end of buffer (bnc#1012382).\n\n - r8152: add Linksys USB3GIGV1 id (bnc#1012382).\n\n - r8169: fix setting driver_data after register_netdev\n (bnc#1012382).\n\n - radeon: hide pointless #warning when compile testing\n (bnc#1012382).\n\n - random: use a tighter cap in credit_entropy_bits_safe()\n (bnc#1012382).\n\n - random: use lockless method of accessing and updating\n f->reg_idx (bnc#1012382).\n\n - ray_cs: Avoid reading past end of buffer (bnc#1012382).\n\n - rdma/core: Avoid that ib_drain_qp() triggers an\n out-of-bounds stack access (FATE#321732).\n\n - rdma/mlx5: Protect from NULL pointer derefence\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - rdma/mlx5: Protect from shift operand overflow\n (bnc#1012382).\n\n - rdma/qedr: fix QP's ack timeout configuration\n (bsc#1022604 FATE#321747).\n\n - rdma/qedr: Fix QP state initialization race (bsc#1022604\n FATE#321747).\n\n - rdma/qedr: Fix rc initialization on CNQ allocation\n 
failure (bsc#1022604 FATE#321747).\n\n - rdma/rxe: Fix an out-of-bounds read (FATE#322149).\n\n - rdma/ucma: Allow resolving address w/o specifying source\n address (bnc#1012382).\n\n - rdma/ucma: Check AF family prior resolving address\n (bnc#1012382).\n\n - rdma/ucma: Check that device exists prior to accessing\n it (bnc#1012382).\n\n - rdma/ucma: Check that device is connected prior to\n access it (bnc#1012382).\n\n - rdma/ucma: Do not allow join attempts for unsupported AF\n family (bnc#1012382).\n\n - rdma/ucma: Do not allow setting RDMA_OPTION_IB_PATH\n without an RDMA device (bnc#1012382).\n\n - rdma/ucma: Ensure that CM_ID exists prior to access it\n (bnc#1012382).\n\n - rdma/ucma: Fix use-after-free access in ucma_close\n (bnc#1012382).\n\n - rdma/ucma: Introduce safer rdma_addr_size() variants\n (bnc#1012382).\n\n - rds; Reset rs->rs_bound_addr in rds_add_bound() failure\n path (bnc#1012382).\n\n - regulator: gpio: Fix some error handling paths in\n 'gpio_regulator_probe()' (bsc#1091960).\n\n - resource: fix integer overflow at reallocation\n (bnc#1012382).\n\n - Revert 'alsa: pcm: Fix mutex unbalance in OSS emulation\n ioctls' (kabi).\n\n - Revert 'alsa: pcm: Return -EBUSY for OSS ioctls changing\n busy streams' (kabi).\n\n - Revert 'arm: dts: am335x-pepper: Fix the audio CODEC's\n reset pin' (bnc#1012382).\n\n - Revert 'arm: dts: omap3-n900: Fix the audio CODEC's\n reset pin' (bnc#1012382).\n\n - Revert 'ath10k: rebuild crypto header in rx data frames'\n (kabi).\n\n - Revert 'ath10k: send (re)assoc peer command when NSS\n changed' (bnc#1012382).\n\n - Revert 'Bluetooth: btusb: Fix quirk for Atheros\n 1525/QCA6174' (bnc#1012382).\n\n - Revert 'cpufreq: Fix governor module removal race'\n (bnc#1012382).\n\n - Revert 'ip6_vti: adjust vti mtu according to mtu of\n lower device' (bnc#1012382).\n\n - Revert 'kvm: Fix stack-out-of-bounds read in write_mmio'\n (bnc#1083635).\n\n - Revert 'mac80211: Add RX flag to indicate ICV stripped'\n (kabi).\n\n - Revert 
'mac80211: allow not sending MIC up from driver\n for HW crypto' (kabi).\n\n - Revert 'mac80211: allow same PN for AMSDU sub-frames'\n (kabi).\n\n - Revert 'mtd: cfi: cmdset_0001: Do not allow read/write\n to suspend erase block.' (kabi).\n\n - Revert 'mtd: cfi: cmdset_0001: Workaround Micron Erase\n suspend bug.' (kabi).\n\n - Revert 'mtd: cfi: cmdset_0002: Do not allow read/write\n to suspend erase block.' (kabi).\n\n - Revert 'mtip32xx: use runtime tag to initialize command\n header' (bnc#1012382).\n\n - Revert 'PCI/MSI: Stop disabling MSI/MSI-X in\n pci_device_shutdown()' (bnc#1012382).\n\n - Revert 'perf tests: Decompress kernel module before\n objdump' (bnc#1012382).\n\n - Revert 'xhci: plat: Register shutdown for xhci_plat'\n (bnc#1012382).\n\n - rfkill: gpio: fix memory leak in probe error path\n (bnc#1012382).\n\n - rpc_pipefs: fix double-dput() (bnc#1012382).\n\n - rpm/config.sh: build against SP3 in OBS as well.\n\n - rtc: interface: Validate alarm-time before handling\n rollover (bnc#1012382).\n\n - rtc: opal: Handle disabled TPO in opal_get_tpo_time()\n (bnc#1012382).\n\n - rtc: snvs: fix an incorrect check of return value\n (bnc#1012382).\n\n - rtl8187: Fix NULL pointer dereference in\n priv->conf_mutex (bnc#1012382).\n\n - rxrpc: check return value of skb_to_sgvec always\n (bnc#1012382).\n\n - s390: add automatic detection of the spectre defense\n (bnc#1012382).\n\n - s390: add optimized array_index_mask_nospec\n (bnc#1012382).\n\n - s390: add options to change branch prediction behaviour\n for the kernel (bnc#1012382 bsc#1068032).\n\n - s390: add sysfs attributes for spectre (bnc#1012382).\n\n - s390/alternative: use a copy of the facility bit mask\n (bnc#1012382).\n\n - s390/cio: update chpid descriptor after resource\n accessibility event (bnc#1012382).\n\n - s390: correct module section names for expoline code\n revert (bnc#1012382).\n\n - s390: correct nospec auto detection init order\n (bnc#1012382).\n\n - s390/dasd: fix hanging safe offline 
(bnc#1012382).\n\n - s390/dasd: fix IO error for newly defined devices\n (bnc#1093144, LTC#167398).\n\n - s390: do not bypass BPENTER for interrupt system calls\n (bnc#1012382).\n\n - s390: enable CPU alternatives unconditionally\n (bnc#1012382).\n\n - s390/entry.S: fix spurious zeroing of r0 (bnc#1012382).\n\n - s390: introduce execute-trampolines for branches\n (bnc#1012382).\n\n - s390/ipl: ensure loadparm valid flag is set\n (bnc#1012382).\n\n - s390: move nobp parameter functions to nospec-branch.c\n (bnc#1012382).\n\n - s390: move _text symbol to address higher than zero\n (bnc#1012382).\n\n - s390/qdio: do not merge ERROR output buffers\n (bnc#1012382).\n\n - s390/qdio: do not retry EQBS after CCQ 96 (bnc#1012382).\n\n - s390/qeth: consolidate errno translation (bnc#1093144,\n LTC#167507).\n\n - s390/qeth: fix MAC address update sequence (bnc#1093144,\n LTC#167609).\n\n - s390/qeth: translate SETVLAN/DELVLAN errors\n (bnc#1093144, LTC#167507).\n\n - s390: Replace IS_ENABLED(EXPOLINE_*) with\n IS_ENABLED(CONFIG_EXPOLINE_*) (bnc#1012382).\n\n - s390: report spectre mitigation via syslog\n (bnc#1012382).\n\n - s390: run user space and KVM guests with modified branch\n prediction (bnc#1012382).\n\n - s390: scrub registers on kernel entry and KVM exit\n (bnc#1012382).\n\n - s390/uprobes: implement arch_uretprobe_is_alive()\n (bnc#1012382).\n\n - sched/numa: Use down_read_trylock() for the mmap_sem\n (bnc#1012382).\n\n - scsi: bnx2fc: fix race condition in\n bnx2fc_get_host_stats() (bnc#1012382).\n\n - scsi: libiscsi: Allow sd_shutdown on bad transport\n (bnc#1012382).\n\n - scsi: libsas: initialize sas_phy status according to\n response of DISCOVER (bnc#1012382).\n\n - scsi: lpfc: Add per io channel NVME IO statistics\n (bsc#1088865).\n\n - scsi: lpfc: Correct missing remoteport registration\n during link bounces (bsc#1088865).\n\n - scsi: lpfc: Correct target queue depth application\n changes (bsc#1088865).\n\n - scsi: lpfc: Enlarge nvmet asynchronous receive 
buffer\n counts (bsc#1088865).\n\n - scsi: lpfc: Fix Abort request WQ selection\n (bsc#1088865).\n\n - scsi: lpfc: Fix driver not recovering NVME rports during\n target link faults (bsc#1088865).\n\n - scsi: lpfc: Fix lingering lpfc_wq resource after driver\n unload (bsc#1088865).\n\n - scsi: lpfc: Fix multiple PRLI completion error path\n (bsc#1088865).\n\n - scsi: lpfc: Fix NULL pointer access in\n lpfc_nvme_info_show (bsc#1088865).\n\n - scsi: lpfc: Fix NULL pointer reference when resetting\n adapter (bsc#1088865).\n\n - scsi: lpfc: Fix nvme remoteport registration race\n conditions (bsc#1088865).\n\n - scsi: lpfc: Fix WQ/CQ creation for older asic's\n (bsc#1088865).\n\n - scsi: lpfc: update driver version to 11.4.0.7-2\n (bsc#1088865).\n\n - scsi: mpt3sas: Proper handling of set/clear of 'ATA\n command pending' flag (bnc#1012382).\n\n - scsi: mptsas: Disable WRITE SAME (bnc#1012382).\n\n - scsi: sd: Defer spinning up drive while SANITIZE is in\n progress (bnc#1012382).\n\n - sctp: do not check port in sctp_inet6_cmp_addr\n (bnc#1012382).\n\n - sctp: do not leak kernel memory to user space\n (bnc#1012382).\n\n - sctp: fix recursive locking warning in sctp_do_peeloff\n (bnc#1012382).\n\n - sctp: sctp_sockaddr_af must check minimal addr length\n for AF_INET6 (bnc#1012382).\n\n - selftests/powerpc: Fix TM resched DSCR test with some\n compilers (bnc#1012382).\n\n - selinux: do not check open permission on sockets\n (bnc#1012382).\n\n - selinux: Remove redundant check for unknown labeling\n behavior (bnc#1012382).\n\n - selinux: Remove unnecessary check of array base in\n selinux_set_mapping() (bnc#1012382).\n\n - serial: 8250: omap: Disable DMA for console UART\n (bnc#1012382).\n\n - serial: mctrl_gpio: Add missing module license\n (bnc#1012382).\n\n - serial: mctrl_gpio: export mctrl_gpio_disable_ms and\n mctrl_gpio_init (bnc#1012382).\n\n - serial: sh-sci: Fix race condition causing garbage\n during shutdown (bnc#1012382).\n\n - sh_eth: Use platform device for 
printing before\n register_netdev() (bnc#1012382).\n\n - sit: reload iphdr in ipip6_rcv (bnc#1012382).\n\n - skbuff: only inherit relevant tx_flags (bnc#1012382).\n\n - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent\n overflow (bnc#1012382).\n\n - sky2: Increase D3 delay to sky2 stops working after\n suspend (bnc#1012382).\n\n - slip: Check if rstate is initialized before\n uncompressing (bnc#1012382).\n\n - soreuseport: initialise timewait reuseport field\n (bnc#1012382).\n\n - sparc64: ldc abort during vds iso boot (bnc#1012382).\n\n - spi: davinci: fix up dma_mapping_error() incorrect patch\n (bnc#1012382).\n\n - staging: comedi: ni_mio_common: ack ai fifo error\n interrupts (bnc#1012382).\n\n - staging: ion : Donnot wakeup kswapd in ion system alloc\n (bnc#1012382).\n\n - staging: wlan-ng: prism2mgmt.c: fixed a double endian\n conversion before calling hfa384x_drvr_setconfig16, also\n fixes relative sparse warning (bnc#1012382).\n\n - stop_machine, sched: Fix migrate_swap() vs.\n active_balance() deadlock (bsc#1088810).\n\n - swap: divide-by-zero when zero length swap file on ssd\n (bsc#1082153).\n\n - tags: honor COMPILED_SOURCE with apart output directory\n (bnc#1012382).\n\n - target: prefer dbroot of /etc/target over /var/target\n (bsc#1087274).\n\n - target: transport should handle st FM/EOM/ILI reads\n (bsc#1081599).\n\n - tcp: better validation of received ack sequences\n (bnc#1012382).\n\n - tcp: do not read out-of-bounds opsize (bnc#1012382).\n\n - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).\n\n - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on\n established sockets (bnc#1012382).\n\n - team: avoid adding twice the same option to the event\n list (bnc#1012382).\n\n - team: fix netconsole setup over team (bnc#1012382).\n\n - test_firmware: fix setting old custom fw path back on\n exit, second try (bnc#1012382).\n\n - thermal: imx: Fix race condition in imx_thermal_probe()\n (bnc#1012382).\n\n - thermal: power_allocator: fix one race 
condition issue\n for thermal_instances list (bnc#1012382).\n\n - thunderbolt: Resume control channel after hibernation\n image is created (bnc#1012382).\n\n - tipc: add policy for TIPC_NLA_NET_ADDR (bnc#1012382).\n\n - tracepoint: Do not warn on ENOMEM (bnc#1012382).\n\n - tracing: Fix regex_match_front() to not over compare the\n test string (bnc#1012382).\n\n - tracing/uprobe_event: Fix strncpy corner case\n (bnc#1012382).\n\n - tty: Do not call panic() at tty_ldisc_init()\n (bnc#1012382).\n\n - tty: make n_tty_read() always abort if hangup is in\n progress (bnc#1012382).\n\n - tty: n_gsm: Allow ADM response in addition to UA for\n control dlci (bnc#1012382).\n\n - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2\n is not set (bnc#1012382).\n\n - tty: n_gsm: Fix long delays with control frame timeouts\n in ADM mode (bnc#1012382).\n\n - tty: provide tty_name() even without CONFIG_TTY\n (bnc#1012382).\n\n - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bnc#1012382).\n\n - ubi: fastmap: Do not flush fastmap work on detach\n (bnc#1012382).\n\n - ubi: Fix error for write access (bnc#1012382).\n\n - ubifs: Check ubifs_wbuf_sync() return code\n (bnc#1012382).\n\n - ubi: Reject MLC NAND (bnc#1012382).\n\n - um: Use POSIX ucontext_t instead of struct ucontext\n (bnc#1012382).\n\n - Update config files, add expoline for s390x\n (bsc#1089393).\n\n - Update\n patches.fixes/0001-md-raid10-fix-NULL-deference-in-handl\n e_write_complet.patch (bsc#1056415).\n\n - Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-pr\n ocessing.patch (bsc#1043598, bsc#1036215).\n\n - Update\n patches.suse/powerpc-powernv-Support-firmware-disable-of\n -RFI-flus.patch (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - Update\n patches.suse/powerpc-pseries-Support-firmware-disable-of\n -RFI-flus.patch (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - Update\n patches.suse/powerpc-rfi-flush-Move-the-logic-to-avoid-a\n -redo-int.patch (bsc#1068032, bsc#1075087, bsc#1091041).\n\n - Update\n 
patches.suse/x86-nospectre_v2-means-nospec-too.patch\n (bsc#1075994 bsc#1075091 bnc#1085958).\n\n - usb: Accept bulk endpoints with 1024-byte maxpacket\n (bnc#1012382 bsc#1092888).\n\n - usb: Accept bulk endpoints with 1024-byte maxpacket\n (bsc#1092888).\n\n - usb: chipidea: properly handle host or gadget\n initialization failure (bnc#1012382).\n\n - usb: core: Add quirk for HP v222w 16GB Mini\n (bnc#1012382).\n\n - usb: dwc2: Improve gadget state disconnection handling\n (bnc#1012382).\n\n - usb: dwc3: keystone: check return value (bnc#1012382).\n\n - usb: dwc3: pci: Properly cleanup resource (bnc#1012382).\n\n - usb: ene_usb6250: fix first command execution\n (bnc#1012382).\n\n - usb: ene_usb6250: fix SCSI residue overwriting\n (bnc#1012382).\n\n - usb:fix USB3 devices behind USB3 hubs not resuming at\n hibernate thaw (bnc#1012382).\n\n - usb: gadget: align buffer size when allocating for OUT\n endpoint (bnc#1012382).\n\n - usb: gadget: change len to size_t on alloc_ep_req()\n (bnc#1012382).\n\n - usb: gadget: define free_ep_req as universal function\n (bnc#1012382).\n\n - usb: gadget: f_hid: fix: Prevent accessing released\n memory (bnc#1012382).\n\n - usb: gadget: fix request length error for isoc transfer\n (git-fixes).\n\n - usb: gadget: fix usb_ep_align_maybe endianness and new\n usb_ep_align (bnc#1012382).\n\n - usb: Increment wakeup count on remote wakeup\n (bnc#1012382).\n\n - usbip: usbip_host: fix to hold parent lock for\n device_attach() calls (bnc#1012382).\n\n - usbip: vhci_hcd: Fix usb device and sockfd leaks\n (bnc#1012382).\n\n - usb: musb: gadget: misplaced out of bounds check\n (bnc#1012382).\n\n - usb: musb: host: fix potential NULL pointer dereference\n (bnc#1012382).\n\n - usb: serial: cp210x: add ELDAT Easywave RX09 id\n (bnc#1012382).\n\n - usb: serial: cp210x: add ID for NI USB serial console\n (bnc#1012382).\n\n - usb: serial: ftdi_sio: add RT Systems VX-8 cable\n (bnc#1012382).\n\n - usb: serial: ftdi_sio: add support for Harman\n 
FirmwareHubEmulator (bnc#1012382).\n\n - usb: serial: ftdi_sio: use jtag quirk for Arrow USB\n Blaster (bnc#1012382).\n\n - usb: serial: option: adding support for ublox R410M\n (bnc#1012382).\n\n - usb: serial: option: Add support for Quectel EP06\n (bnc#1012382).\n\n - usb: serial: option: reimplement interface masking\n (bnc#1012382).\n\n - usb: serial: simple: add libtransistor console\n (bnc#1012382).\n\n - usb: serial: visor: handle potential invalid device\n configuration (bnc#1012382).\n\n - vfb: fix video mode and line_length being set when\n loaded (bnc#1012382).\n\n - vfio/pci: Virtualize Maximum Payload Size (bnc#1012382).\n\n - vfio/pci: Virtualize Maximum Read Request Size\n (bnc#1012382).\n\n - vfio-pci: Virtualize PCIe & AF FLR (bnc#1012382).\n\n - vhost: correctly remove wait queue during poll failure\n (bnc#1012382).\n\n - virtio: add ability to iterate over vqs (bnc#1012382).\n\n - virtio_console: free buffers after reset (bnc#1012382).\n\n - virtio_net: check return value of skb_to_sgvec always\n (bnc#1012382).\n\n - virtio_net: check return value of skb_to_sgvec in one\n more location (bnc#1012382).\n\n - vlan: also check phy_driver ts_info for vlan's real\n device (bnc#1012382).\n\n - vlan: Fix reading memory beyond skb->tail in\n skb_vlan_tagged_multi (bnc#1012382).\n\n - vmxnet3: ensure that adapter is in proper state during\n force_close (bnc#1012382).\n\n - vrf: Fix use after free and double free in\n vrf_finish_output (bnc#1012382).\n\n - vt: change SGR 21 to follow the standards (bnc#1012382).\n\n - vti6: better validate user provided tunnel names\n (bnc#1012382).\n\n - vxlan: dont migrate permanent fdb entries during learn\n (bnc#1012382).\n\n - watchdog: f71808e_wdt: Fix WD_EN register read\n (bnc#1012382).\n\n - watchdog: hpwdt: Remove legacy NMI sourcing\n (bsc#1085185).\n\n - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679).\n\n - wl1251: check return from call to\n wl1251_acx_arp_ip_filter (bnc#1012382).\n\n - writeback: fix 
the wrong congested state variable\n definition (bnc#1012382).\n\n - writeback: safer lock nesting (bnc#1012382).\n\n - x86/asm: Do not use RBP as a temporary register in\n csum_partial_copy_generic() (bnc#1012382).\n\n - x86/bugs: correctly force-disable IBRS on !SKL systems\n (bsc#1092497).\n\n - x86/bugs: Make sure that _TIF_SSBD does not end up in\n _TIF_ALLWORK_MASK (bsc#1093215).\n\n - x86/bugs: Respect retpoline command line option\n (bsc#1068032).\n\n - x86/hweight: Do not clobber %rdi (bnc#1012382).\n\n - x86/hweight: Get rid of the special calling convention\n (bnc#1012382).\n\n - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds\n (bnc#1012382).\n\n - x86/platform/UV: Add references to access fixed UV4A HUB\n MMRs (bsc#1076263 #fate#322814).\n\n - x86/platform/uv/BAU: Replace hard-coded values with MMR\n definitions (bsc#1076263 #fate#322814).\n\n - x86/platform/UV: Fix critical UV MMR address error\n (bsc#1076263\n\n - x86/platform/UV: Fix GAM MMR changes in UV4A\n (bsc#1076263 #fate#322814).\n\n - x86/platform/UV: Fix GAM MMR references in the UV x2apic\n code (bsc#1076263 #fate#322814).\n\n - x86/platform/UV: Fix GAM Range Table entries less than\n 1GB (bsc#1091325).\n\n - x86/platform/UV: Fix UV4A BAU MMRs (bsc#1076263\n #fate#322814).\n\n - x86/platform/UV: Fix UV4A support on new Intel\n Processors (bsc#1076263 #fate#322814).\n\n - x86/platform/uv: Skip UV runtime services mapping in the\n efi_runtime_disabled case (bsc#1089925).\n\n - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A\n fixes (bsc#1076263 #fate#322814).\n\n - x86/smpboot: Do not use mwait_play_dead() on AMD systems\n (bnc#1012382).\n\n - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()\n (bnc#1012382).\n\n - x86/tsc: Provide 'tsc=unstable' boot parameter\n (bnc#1012382).\n\n - xen: avoid type warning in xchg_xen_ulong (bnc#1012382).\n\n - xen-netfront: Fix hang on device removal (bnc#1012382).\n\n - xfrm: fix state migration copy replay sequence numbers\n 
(bnc#1012382).\n\n - xfrm: Refuse to insert 32 bit userspace socket policies\n on 64 bit systems (bnc#1012382).\n\n - xfrm_user: fix return value from xfrm_user_rcv_msg\n (bnc#1012382).\n\n - xfrm_user: uncoditionally validate esn replay attribute\n struct (bnc#1012382).\n\n - xfs: always verify the log tail during recovery\n (bsc#1036215).\n\n - xfs: detect and handle invalid iclog size set by mkfs\n (bsc#1043598).\n\n - xfs: detect and trim torn writes during log recovery\n (bsc#1036215).\n\n - xfs: fix log recovery corruption error due to tail\n overwrite (bsc#1036215).\n\n - xfs: fix recovery failure when log record header wraps\n log end (bsc#1036215).\n\n - xfs: handle -EFSCORRUPTED during head/tail verification\n (bsc#1036215).\n\n - xfs: prevent creating negative-sized file via\n INSERT_RANGE (bnc#1012382).\n\n - xfs: refactor and open code log record crc check\n (bsc#1036215).\n\n - xfs: refactor log record start detection into a new\n helper (bsc#1036215).\n\n - xfs: return start block of first bad log record during\n recovery (bsc#1036215).\n\n - xfs: support a crc verification only log record pass\n (bsc#1036215).\n\n - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD\n (bsc#1094019).\n\n - watchdog: hpwdt: condition early return of NMI handler\n on iLO5 (bsc#1085185).\n\n - watchdog: hpwdt: Modify to use watchdog core\n (bsc#1085185).\n\n - watchdog: hpwdt: Update nmi_panic message (bsc#1085185).\n\n - watchdog: hpwdt: Update Module info and copyright\n (bsc#1085185).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009062\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1080157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=802154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969476\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993388\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.132-53.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-debug-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-debug-debuginfo-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"kselftests-kmp-default-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-default-debuginfo-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-vanilla-4.4.132-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-vanilla-debuginfo-4.4.132-53.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:11", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. 
A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2932-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2932-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2932-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89937);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2932-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2932-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. 
An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). 
(CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2932-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2932-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-generic\", pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-generic-lpae\", pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-lowlatency\", 
pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:22", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.(CVE-2018-7566)\n\n - The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-10675)\n\n - The Linux kernel has an undefined behavior when an argument of INT_MIN is passed to the kernel/signal.c:kill_something_info() function. A local attacker may be able to exploit this to cause a denial of service.(CVE-2018-10124)\n\n - A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. 
An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.(CVE-2018-8781)\n\n - The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allow a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions.(CVE-2018-10021)\n\n - A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.(CVE-2018-1068)\n\n - A vulnerability was found in the Linux kernel's kernel/events/core.c:perf_cpu_time_max_percent_handler( ) function. Local privileged users could exploit this flaw to cause a denial of service due to integer overflow or possibly have unspecified other impact.(CVE-2017-18255)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)\n\n - A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls.(CVE-2018-1130)\n\n - An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system.(CVE-2018-1000199)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18255", "CVE-2018-1000199", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10675", "CVE-2018-1068", "CVE-2018-1130", "CVE-2018-7566", "CVE-2018-8781"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/110136", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110136);\n script_version(\"1.52\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18255\",\n \"CVE-2018-1000199\",\n \"CVE-2018-10021\",\n \"CVE-2018-10087\",\n \"CVE-2018-10124\",\n \"CVE-2018-10675\",\n \"CVE-2018-1068\",\n \"CVE-2018-1130\",\n \"CVE-2018-7566\",\n \"CVE-2018-8781\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1132)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages 
installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - ALSA sequencer core initializes the event pool on\n demand by invoking snd_seq_pool_init() when the first\n write happens and the pool is empty. A user can reset\n the pool size manually via ioctl concurrently, and this\n may lead to UAF or out-of-bound access.(CVE-2018-7566)\n\n - The do_get_mempolicy() function in mm/mempolicy.c in\n the Linux kernel allows local users to hit a\n use-after-free bug via crafted system calls and thus\n cause a denial of service (DoS) or possibly have\n unspecified other impact. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled\n out.(CVE-2018-10675)\n\n - The Linux kernel has an undefined behavior when an\n argument of INT_MIN is passed to the\n kernel/signal.c:kill_something_info() function. A local\n attacker may be able to exploit this to cause a denial\n of service.(CVE-2018-10124)\n\n - A an integer overflow vulnerability was discovered in\n the Linux kernel, from version 3.4 through 4.15, in the\n drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An\n attacker with access to the udldrmfb driver could\n exploit this to obtain full read and write permissions\n on kernel physical pages, resulting in a code execution\n in kernel space.(CVE-2018-8781)\n\n - The code in the drivers/scsi/libsas/sas_scsi_host.c\n file in the Linux kernel allow a physically proximate\n attacker to cause a memory leak in the ATA command\n queue and, thus, denial of service by triggering\n certain failure conditions.(CVE-2018-10021)\n\n - A flaw was found in the Linux kernel's implementation\n of 32-bit syscall interface for bridging. This allowed\n a privileged user to arbitrarily write to a limited\n range of kernel memory.(CVE-2018-1068)\n\n - A vulnerability was found in the Linux kernel's\n kernel/events/core.c:perf_cpu_time_max_percent_handler(\n ) function. 
Local privileged users could exploit this\n flaw to cause a denial of service due to integer\n overflow or possibly have unspecified other\n impact.(CVE-2017-18255)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux\n kernel, when an unspecified architecture and compiler\n is used, might allow local users to cause a denial of\n service by triggering an attempted use of the -INT_MIN\n value.(CVE-2018-10087)\n\n - A null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in the Linux kernel\n allows a local user to cause a denial of service by a\n number of certain crafted system calls.(CVE-2018-1130)\n\n - An address corruption flaw was discovered in the Linux\n kernel built with hardware breakpoint\n (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a\n h/w breakpoint via 'modify_user_hw_breakpoint' routine,\n an unprivileged user/process could use this flaw to\n crash the system kernel resulting in DoS OR to\n potentially escalate privileges on a the\n system.(CVE-2018-1000199)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1132\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9cfc5134\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local 
Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.185\",\n \"kernel-debug-3.10.0-229.49.1.185\",\n \"kernel-debuginfo-3.10.0-229.49.1.185\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.185\",\n \"kernel-devel-3.10.0-229.49.1.185\",\n \"kernel-headers-3.10.0-229.49.1.185\",\n \"kernel-tools-3.10.0-229.49.1.185\",\n \"kernel-tools-libs-3.10.0-229.49.1.185\",\n \"perf-3.10.0-229.49.1.185\",\n \"python-perf-3.10.0-229.49.1.185\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif 
(flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:38", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) (CVE-2018-3639)\n\n - x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Make cpu_show_common static (Jiri Kosina) (CVE-2018-3639)\n\n - x86/bugs: Fix __ssb_select_mitigation return type (Jiri Kosina) (CVE-2018-3639)\n\n - Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) (CVE-2018-3639)\n\n - proc: Use underscores for SSBD in 'status' (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Kees Cook) (CVE-2018-3639)\n\n - seccomp: Move speculation migitation control to arch code (Thomas Gleixner) (CVE-2018-3639)\n\n - seccomp: Add filter flag to opt-out of SSB mitigation (Kees Cook) (CVE-2018-3639)\n\n - seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner) (CVE-2018-3639)\n\n - prctl: Add force disable speculation (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - seccomp: Enable speculation flaw mitigations (Kees Cook) (CVE-2018-3639)\n\n - proc: Provide details on speculation flaw mitigations (Kees Cook) (CVE-2018-3639)\n\n - nospec: Allow getting/setting on non-current task (Kees Cook) (CVE-2018-3639)\n\n - x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for spectre_v2. 
(Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/speculation: Add prctl for Speculative Store Bypass mitigation (Thomas Gleixner) (CVE-2018-3639)\n\n - x86: thread_info.h: move RDS from index 5 to 23 (Mihai Carabas) (CVE-2018-3639)\n\n - x86/process: Allow runtime control of Speculative Store Bypass (Thomas Gleixner) (CVE-2018-3639)\n\n - prctl: Add speculation control prctls (Thomas Gleixner) (CVE-2018-3639)\n\n - x86/speculation: Create spec-ctrl.h to avoid include hell (Thomas Gleixner) (CVE-2018-3639)\n\n - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/intel: Set proper CPU features and setup RDS (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Expose /sys/../spec_store_bypass (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) (CVE-2018-3639)\n\n - x86/cpu: Rename Merrifield2 to Moorefield (Andy Shevchenko) (CVE-2018-3639)\n\n - x86/bugs, KVM: Support the combination of guest and host IBRS (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/IBRS: Warn if IBRS is enabled during boot.\n (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/IBRS: Use variable instead of defines for enabling IBRS (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Concentrate bug detection into a separate function (Konrad 
Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - scsi: libfc: Revisit kref handling (Hannes Reinecke)\n\n - scsi: libfc: reset exchange manager during LOGO handling (Hannes Reinecke)\n\n - scsi: libfc: send LOGO for PLOGI failure (Hannes Reinecke)\n\n - scsi: libfc: Issue PRLI after a PRLO has been received (Hannes Reinecke)\n\n - libfc: Update rport reference counting (Hannes Reinecke)\n\n - amd/kvm: do not intercept new MSRs for spectre v2 mitigation (Elena Ufimtseva)\n\n - RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 27422832] (CVE-2018-5333)\n\n - ACPI: sbshc: remove raw pointer from printk message (Greg Kroah-Hartman) [Orabug: 27501257] (CVE-2018-5750)\n\n - futex: Prevent overflow by strengthen input validation (Li Jinyue) [Orabug: 27539548] (CVE-2018-6927)\n\n - net: ipv4: add support for ECMP hash policy choice (Venkat Venkatsubra) [Orabug: 27547114]\n\n - net: ipv4: Consider failed nexthops in multipath routes (David Ahern) \n\n - ipv4: L3 hash-based multipath (Peter Nørlund) [Orabug: 27547114]\n\n - dm: fix race between dm_get_from_kobject and\n __dm_destroy (Hou Tao) [Orabug: 27677556] (CVE-2017-18203)\n\n - NFS: only invalidate dentrys that are clearly invalid.\n (NeilBrown) \n\n - net: Improve handling of failures on link and route dumps (David Ahern) [Orabug: 27959177]\n\n - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 27963519] (CVE-2018-10675)\n\n - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27963530] (CVE-2018-8781)\n\n - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug:\n 27963576] (CVE-2018-10323)\n\n - Revert 'mlx4: change the ICM table allocations to lowest needed size' (Håkon Bugge) [Orabug: 27980030]\n\n - Bluetooth: Prevent stack 
info leak from the EFS element.\n (Ben Seri) [Orabug: 28030514] (CVE-2017-1000410) (CVE-2017-1000410)", "cvss3": {}, "published": "2018-05-24T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0223) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000410", "CVE-2017-18203", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-3639", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-6927", "CVE-2018-8781"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0223.NASL", "href": "https://www.tenable.com/plugins/nessus/110072", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0223.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110072);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2017-1000410\", \"CVE-2017-18203\", \"CVE-2018-10323\", \"CVE-2018-10675\", \"CVE-2018-3639\", \"CVE-2018-5333\", \"CVE-2018-5750\", \"CVE-2018-6927\", \"CVE-2018-8781\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0223) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - KVM: SVM: Move spec control call after restore of GS\n (Thomas Gleixner) (CVE-2018-3639)\n\n - x86/bugs: Fix the parameters alignment and missing void\n (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Make cpu_show_common static (Jiri Kosina)\n (CVE-2018-3639)\n\n - x86/bugs: Fix __ssb_select_mitigation return 
type (Jiri\n Kosina) (CVE-2018-3639)\n\n - Documentation/spec_ctrl: Do some minor cleanups\n (Borislav Petkov) (CVE-2018-3639)\n\n - proc: Use underscores for SSBD in 'status' (Konrad\n Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk)\n (CVE-2018-3639)\n\n - x86/speculation: Make 'seccomp' the default mode for\n Speculative Store Bypass (Kees Cook) (CVE-2018-3639)\n\n - seccomp: Move speculation migitation control to arch\n code (Thomas Gleixner) (CVE-2018-3639)\n\n - seccomp: Add filter flag to opt-out of SSB mitigation\n (Kees Cook) (CVE-2018-3639)\n\n - seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner)\n (CVE-2018-3639)\n\n - prctl: Add force disable speculation (Konrad Rzeszutek\n Wilk) (CVE-2018-3639)\n\n - seccomp: Enable speculation flaw mitigations (Kees Cook)\n (CVE-2018-3639)\n\n - proc: Provide details on speculation flaw mitigations\n (Kees Cook) (CVE-2018-3639)\n\n - nospec: Allow getting/setting on non-current task (Kees\n Cook) (CVE-2018-3639)\n\n - x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for\n spectre_v2. 
(Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/speculation: Add prctl for Speculative Store Bypass\n mitigation (Thomas Gleixner) (CVE-2018-3639)\n\n - x86: thread_info.h: move RDS from index 5 to 23 (Mihai\n Carabas) (CVE-2018-3639)\n\n - x86/process: Allow runtime control of Speculative Store\n Bypass (Thomas Gleixner) (CVE-2018-3639)\n\n - prctl: Add speculation control prctls (Thomas Gleixner)\n (CVE-2018-3639)\n\n - x86/speculation: Create spec-ctrl.h to avoid include\n hell (Thomas Gleixner) (CVE-2018-3639)\n\n - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest\n (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/AMD: Add support to disable RDS on\n Fam[15,16,17]h if requested (Konrad Rzeszutek Wilk)\n (CVE-2018-3639)\n\n - x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad\n Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/intel: Set proper CPU features and setup RDS\n (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Provide boot parameters for the\n spec_store_bypass_disable mitigation (Konrad Rzeszutek\n Wilk) (CVE-2018-3639)\n\n - x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek\n Wilk) (CVE-2018-3639)\n\n - x86/bugs: Expose /sys/../spec_store_bypass (Konrad\n Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/cpu/intel: Add Knights Mill to Intel family (Piotr\n Luc) (CVE-2018-3639)\n\n - x86/cpu: Rename Merrifield2 to Moorefield (Andy\n Shevchenko) (CVE-2018-3639)\n\n - x86/bugs, KVM: Support the combination of guest and host\n IBRS (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/IBRS: Warn if IBRS is enabled during boot.\n (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/IBRS: Use variable instead of defines for\n enabling IBRS (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Read SPEC_CTRL MSR during boot and re-use\n reserved bits (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Concentrate bug reporting into a separate\n function (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs: Concentrate bug 
detection into a separate\n function (Konrad Rzeszutek Wilk) (CVE-2018-3639)\n\n - x86/bugs/IBRS: Turn on IBRS in\n spectre_v2_select_mitigation (Konrad Rzeszutek Wilk)\n (CVE-2018-3639)\n\n - x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk)\n (CVE-2018-3639)\n\n - scsi: libfc: Revisit kref handling (Hannes Reinecke)\n\n - scsi: libfc: reset exchange manager during LOGO handling\n (Hannes Reinecke)\n\n - scsi: libfc: send LOGO for PLOGI failure (Hannes\n Reinecke)\n\n - scsi: libfc: Issue PRLI after a PRLO has been received\n (Hannes Reinecke)\n\n - libfc: Update rport reference counting (Hannes Reinecke)\n\n - amd/kvm: do not intercept new MSRs for spectre v2\n mitigation (Elena Ufimtseva)\n\n - RDS: null pointer dereference in rds_atomic_free_op\n (Mohamed Ghannam) [Orabug: 27422832] (CVE-2018-5333)\n\n - ACPI: sbshc: remove raw pointer from printk message\n (Greg Kroah-Hartman) [Orabug: 27501257] (CVE-2018-5750)\n\n - futex: Prevent overflow by strengthen input validation\n (Li Jinyue) [Orabug: 27539548] (CVE-2018-6927)\n\n - net: ipv4: add support for ECMP hash policy choice\n (Venkat Venkatsubra) [Orabug: 27547114]\n\n - net: ipv4: Consider failed nexthops in multipath routes\n (David Ahern) \n\n - ipv4: L3 hash-based multipath (Peter Nørlund)\n [Orabug: 27547114]\n\n - dm: fix race between dm_get_from_kobject and\n __dm_destroy (Hou Tao) [Orabug: 27677556]\n (CVE-2017-18203)\n\n - NFS: only invalidate dentrys that are clearly invalid.\n (NeilBrown) \n\n - net: Improve handling of failures on link and route\n dumps (David Ahern) [Orabug: 27959177]\n\n - mm/mempolicy: fix use after free when calling\n get_mempolicy (zhong jiang) [Orabug: 27963519]\n (CVE-2018-10675)\n\n - drm: udl: Properly check framebuffer mmap offsets (Greg\n Kroah-Hartman) [Orabug: 27963530] (CVE-2018-8781)\n\n - xfs: set format back to extents if\n xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug:\n 27963576] (CVE-2018-10323)\n\n - Revert 'mlx4: change the ICM table allocations to 
lowest\n needed size' (Håkon Bugge) [Orabug: 27980030]\n\n - Bluetooth: Prevent stack info leak from the EFS element.\n (Ben Seri) [Orabug: 28030514] (CVE-2017-1000410)\n (CVE-2017-1000410)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000858.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright 
(C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.15.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.15.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:21", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in the Linux kernel's kernel/events/core.c:perf_cpu_time_max_percent_handler( ) function. 
Local privileged users could exploit this flaw to cause a denial of service due to integer overflow or possibly have unspecified other impact.(CVE-2017-18255)\n\n - The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allows a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions.(CVE-2018-10021)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)\n\n - An integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.(CVE-2018-8781)\n\n - An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on the system.(CVE-2018-1000199)\n\n - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire).
As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-07-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1196)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18255", "CVE-2018-1000199", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-3639", "CVE-2018-8781"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1196.NASL", "href": "https://www.tenable.com/plugins/nessus/110860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110860);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18255\",\n \"CVE-2018-1000199\",\n \"CVE-2018-10021\",\n \"CVE-2018-10087\",\n \"CVE-2018-3639\",\n \"CVE-2018-8781\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1196)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A vulnerability was found in the Linux kernel's\n kernel/events/core.c:perf_cpu_time_max_percent_handler(\n ) function. Local privileged users could exploit this\n flaw to cause a denial of service due to integer\n overflow or possibly have unspecified other\n impact.(CVE-2017-18255)\n\n - The code in the drivers/scsi/libsas/sas_scsi_host.c\n file in the Linux kernel allows a physically proximate\n attacker to cause a memory leak in the ATA command\n queue and, thus, denial of service by triggering\n certain failure conditions.(CVE-2018-10021)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux\n kernel, when an unspecified architecture and compiler\n is used, might allow local users to cause a denial of\n service by triggering an attempted use of the -INT_MIN\n value.(CVE-2018-10087)\n\n - An integer overflow vulnerability was discovered in\n the Linux kernel, from version 3.4 through 4.15, in the\n drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An\n attacker with access to the udldrmfb driver could\n exploit this to obtain full read and write permissions\n on kernel physical pages, resulting in a code execution\n in kernel space.(CVE-2018-8781)\n\n - An address corruption flaw was discovered in the Linux\n kernel built with hardware breakpoint\n (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a\n h/w breakpoint via 'modify_user_hw_breakpoint' routine,\n an unprivileged user/process could use this flaw to\n crash the system kernel resulting in DoS OR to\n potentially escalate privileges on the\n system.(CVE-2018-1000199)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of Load & Store instructions (a commonly\n used performance optimization).
It relies on the\n presence of a precisely-defined instruction sequence in\n the privileged code as well as the fact that memory\n read from address to which a recent memory write has\n occurred may see an older value and subsequently cause\n an update into the microprocessor's data cache even for\n speculatively executed instructions that never actually\n commit (retire). As a result, an unprivileged attacker\n could use this flaw to read privileged memory by\n conducting targeted cache side-channel\n attacks.(CVE-2018-3639)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1196\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afb1a508\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h121\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h121\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h121\",\n \"kernel-devel-3.10.0-514.44.5.10.h121\",\n \"kernel-headers-3.10.0-514.44.5.10.h121\",\n \"kernel-tools-3.10.0-514.44.5.10.h121\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h121\",\n \"perf-3.10.0-514.44.5.10.h121\",\n \"python-perf-3.10.0-514.44.5.10.h121\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:09", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.\n\nFollowing feature was added to kernel-xen :\n\n - A improved XEN blkfront module was added, which allows more I/O bandwidth. 
(FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708).\n\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) 
pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. 
This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767).\n\n - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693).\n\n - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes.\n (bsc#967972).\n\n - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer handling were fixed.\n (bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-04-01T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2016:0911-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-0911-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# 
extracted from SUSE update advisory SUSE-SU-2016:0911-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90264);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-7515\", \"CVE-2015-7550\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2016:0911-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing feature was added to kernel-xen :\n\n - A improved XEN blkfront module was added, which allows\n more I/O bandwidth. 
(FATE#320200) It is called\n xen-blkfront in PV, and xen-vbd-upstream in HVM mode.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2015-7515: An out of bounds memory access in the\n aiptek USB driver could be used by physical local\n attackers to crash the kernel (bnc#956708).\n\n - CVE-2015-7550: The keyctl_read_key function in\n security/keys/keyctl.c in the Linux kernel did not\n properly use a semaphore, which allowed local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted application that leverages a race\n condition between keyctl_revoke and keyctl_read calls\n (bnc#958951).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (BUG) via crafted keyctl commands that\n negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c,\n security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) 
enabled (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in\n net/bluetooth/sco.c in the Linux kernel did not verify\n an address length, which allowed local users to obtain\n sensitive information from kernel memory and bypass the\n KASLR protection mechanism via a crafted application\n (bnc#959190 bnc#959399).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux\n kernel did not properly manage the relationship between\n a lock and a socket, which allowed local users to cause\n a denial of service (deadlock) via a crafted sctp_accept\n call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A use-after-free flaw was found in the\n CXGB3 kernel driver when the network was considered to\n be congested. 
This could be used by local attackers to\n cause machine crashes or potentially code execution\n (bsc#966437).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function\n in drivers/tty/tty_io.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (use-after-free and\n system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: Race conditions in TLB syncing was fixed\n which could leak to information leaks (bnc#963767).\n\n - CVE-2016-2384: Removed a double free in the ALSA\n usb-audio driver in the umidi object which could lead to\n crashes (bsc#966693).\n\n - CVE-2016-2543: Added a missing NULL check at\n remove_events ioctl in ALSA that could lead to crashes.\n (bsc#967972).\n\n - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546,\n CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various\n race conditions in ALSAs timer handling were fixed.\n (bsc#967975, bsc#967974, bsc#967973, bsc#968011,\n bsc#968012, bsc#968013).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=758040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952976\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=964201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2015-7550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8785/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8812/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2069/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2384/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2016-2546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2547/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2549/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160911-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97a0fcf5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-kernel-201603-12480=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-kernel-201603-12480=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-201603-12480=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-kernel-201603-12480=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-kernel-201603-12480=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-extra\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", 
reference:\"kernel-trace-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-source-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-71.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-source-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-syms-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", 
reference:\"kernel-xen-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-71.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:07", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4114 advisory.\n\n - The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. 
These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). (CVE-2017-1000410)\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.\n (CVE-2018-5750)\n\n - The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allows local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. (CVE-2017-18203)\n\n - The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. 
(CVE-2018-6927)\n\n - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (CVE-2018-3639)\n\n - The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. (CVE-2018-10675)\n\n - In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. (CVE-2018-5333)\n\n - The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. 
(CVE-2018-10323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-05-24T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4114)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000251", "CVE-2017-1000410", "CVE-2017-18203", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-3639", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-6927", "CVE-2018-8781"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4114.NASL", "href": "https://www.tenable.com/plugins/nessus/110071", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4114.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110071);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2017-18203\",\n \"CVE-2017-1000410\",\n \"CVE-2018-3639\",\n \"CVE-2018-5333\",\n \"CVE-2018-5750\",\n \"CVE-2018-6927\",\n \"CVE-2018-8781\",\n \"CVE-2018-10323\",\n \"CVE-2018-10675\"\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0170\");\n script_xref(name:\"IAVA\", value:\"2019-A-0025-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4114)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2018-4114 advisory.\n\n - The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of\n incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of\n uninitialized stack variables that may be returned to an attacker in their uninitialized state. By\n manipulating the code flows that precede the handling of these configuration messages, an attacker can\n also gain some control over which data will be held in the uninitialized stack variables. This can allow\n him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in\n this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in\n L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels\n which were built with the above mitigations. These are the specifics of this vulnerability: In the\n function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared\n without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration\n parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call\n that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void\n *)val, olen); ... 
The olen in the above if is attacker controlled, and regardless of that if, in both of\n these functions the efs variable would eventually be added to the outgoing configuration request that is\n being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a\n configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length\n that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the\n uninitialized variable would be returned to the attacker (16 bytes). (CVE-2017-1000410)\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local\n users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.\n (CVE-2018-5750)\n\n - The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allows local users to\n cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and\n removal of DM devices. (CVE-2017-18203)\n\n - The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to\n cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a\n negative wake or requeue value. (CVE-2018-6927)\n\n - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads\n before the addresses of all prior memory writes are known may allow unauthorized disclosure of information\n to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB),\n Variant 4. (CVE-2018-3639)\n\n - The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to\n cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system\n calls. 
(CVE-2018-10675)\n\n - In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where\n page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference. (CVE-2018-5333)\n\n - The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3\n allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted\n xfs image. (CVE-2018-10323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4114.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10675\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.15.2.el6uek', '4.1.12-124.15.2.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4114');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.15.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.15.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.15.2.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.15.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.15.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.15.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.15.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.15.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.15.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.15.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.15.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.15.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:04:16", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.\n\n - CVE-2013-4312, CVE-2016-2847 Tetsuo Handa discovered that users can use pipes queued on local (Unix) sockets to allocate an unfair share of kernel memory, leading to denial-of-service (resource exhaustion).\n\n This issue was previously mitigated for the stable suite by limiting the total number of files queued by each user on local sockets. 
The new kernel version in both suites includes that mitigation plus limits on the total size of pipe buffers allocated for each user.\n\n - CVE-2015-7566 Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected.\n\n - CVE-2015-8767 An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake.\n\n - CVE-2015-8785 It was discovered that local users permitted to write to a file on a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).\n\n - CVE-2015-8812 A flaw was found in the iw_cxgb3 Infiniband driver.\n Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation.\n\n - CVE-2015-8816 A use-after-free vulnerability was discovered in the USB hub driver. This may be used by a physically present user for privilege escalation.\n\n - CVE-2015-8830 Ben Hawkes of Google Project Zero reported that the AIO interface permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated.\n\n - CVE-2016-0723 A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service.\n\n - CVE-2016-0774 It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space.\n\n - CVE-2016-2069 Andy Lutomirski discovered a race condition in flushing of the TLB when switching tasks on an x86 system. 
On an SMP system this could possibly lead to a crash, information leak or privilege escalation.\n\n - CVE-2016-2384 Andrey Konovalov found that a crafted USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation.\n\n - CVE-2016-2543 Dmitry Vyukov found that the core sound sequencer driver (snd-seq) lacked a necessary check for a NULL pointer, allowing a user with access to a sound sequencer device to cause a denial-of service (crash).\n\n - CVE-2016-2544, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548\n\n Dmitry Vyukov found various race conditions in the sound subsystem (ALSA)'s management of timers. A user with access to sound devices could use these to cause a denial-of-service (crash or hang) or possibly for privilege escalation.\n\n - CVE-2016-2545 Dmitry Vyukov found a flaw in list manipulation in the sound subsystem (ALSA)'s management of timers. A user with access to sound devices could use this to cause a denial-of-service (crash or hang) or possibly for privilege escalation.\n\n - CVE-2016-2549 Dmitry Vyukov found a potential deadlock in the sound subsystem (ALSA)'s use of high resolution timers. A user with access to sound devices could use this to cause a denial-of-service (hang).\n\n - CVE-2016-2550 The original mitigation of CVE-2013-4312, limiting the total number of files a user could queue on local sockets, was flawed. A user given a local socket opened by another user, for example through the systemd socket activation mechanism, could make use of the other user's quota, again leading to a denial-of-service (resource exhaustion). 
This is fixed by accounting queued files to the sender rather than the socket opener.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Debian DSA-3503-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7566", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2015-8816", "CVE-2015-8830", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2550", "CVE-2016-2847"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3503.NASL", "href": "https://www.tenable.com/plugins/nessus/89122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3503. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89122);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2550\", \"CVE-2016-2847\");\n script_xref(name:\"DSA\", value:\"3503\");\n\n script_name(english:\"Debian DSA-3503-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information\nleak or data loss.\n\n - CVE-2013-4312, CVE-2016-2847\n Tetsuo Handa discovered that users can use pipes queued\n on local (Unix) sockets to allocate an unfair share of\n kernel memory, leading to denial-of-service (resource\n exhaustion).\n\n This issue was previously mitigated for the stable suite by limiting\n the total number of files queued by each user on local sockets. 
The\n new kernel version in both suites includes that mitigation plus\n limits on the total size of pipe buffers allocated for each user.\n\n - CVE-2015-7566\n Ralf Spenneberg of OpenSource Security reported that the\n visor driver crashes when a specially crafted USB device\n without bulk-out endpoint is detected.\n\n - CVE-2015-8767\n An SCTP denial-of-service was discovered which can be\n triggered by a local attacker during a heartbeat timeout\n event after the 4-way handshake.\n\n - CVE-2015-8785\n It was discovered that local users permitted to write to\n a file on a FUSE filesystem could cause a denial of\n service (unkillable loop in the kernel).\n\n - CVE-2015-8812\n A flaw was found in the iw_cxgb3 Infiniband driver.\n Whenever it could not send a packet because the network\n was congested, it would free the packet buffer but later\n attempt to send the packet again. This use-after-free\n could result in a denial of service (crash or hang),\n data loss or privilege escalation.\n\n - CVE-2015-8816\n A use-after-free vulnerability was discovered in the USB\n hub driver. This may be used by a physically present\n user for privilege escalation.\n\n - CVE-2015-8830\n Ben Hawkes of Google Project Zero reported that the AIO\n interface permitted reading or writing 2 GiB of data or\n more in a single chunk, which could lead to an integer\n overflow when applied to certain filesystems, socket or\n device types. The full security impact has not been\n evaluated.\n\n - CVE-2016-0723\n A use-after-free vulnerability was discovered in the\n TIOCGETD ioctl. A local attacker could use this flaw for\n denial-of-service.\n\n - CVE-2016-0774\n It was found that the fix for CVE-2015-1805 in kernel\n versions older than Linux 3.16 did not correctly handle\n the case of a partially failed atomic read. 
A local,\n unprivileged user could use this flaw to crash the\n system or leak kernel memory to user space.\n\n - CVE-2016-2069\n Andy Lutomirski discovered a race condition in flushing\n of the TLB when switching tasks on an x86 system. On an\n SMP system this could possibly lead to a crash,\n information leak or privilege escalation.\n\n - CVE-2016-2384\n Andrey Konovalov found that a crafted USB MIDI device\n with an invalid USB descriptor could trigger a\n double-free. This may be used by a physically present\n user for privilege escalation.\n\n - CVE-2016-2543\n Dmitry Vyukov found that the core sound sequencer driver\n (snd-seq) lacked a necessary check for a NULL pointer,\n allowing a user with access to a sound sequencer device\n to cause a denial-of service (crash).\n\n - CVE-2016-2544, CVE-2016-2546, CVE-2016-2547,\n CVE-2016-2548\n\n Dmitry Vyukov found various race conditions in the sound\n subsystem (ALSA)'s management of timers. A user with\n access to sound devices could use these to cause a\n denial-of-service (crash or hang) or possibly for\n privilege escalation.\n\n - CVE-2016-2545\n Dmitry Vyukov found a flaw in list manipulation in the\n sound subsystem (ALSA)'s management of timers. A user\n with access to sound devices could use this to cause a\n denial-of-service (crash or hang) or possibly for\n privilege escalation.\n\n - CVE-2016-2549\n Dmitry Vyukov found a potential deadlock in the sound\n subsystem (ALSA)'s use of high resolution timers. A user\n with access to sound devices could use this to cause a\n denial-of-service (hang).\n\n - CVE-2016-2550\n The original mitigation of CVE-2013-4312, limiting the\n total number of files a user could queue on local\n sockets, was flawed. A user given a local socket opened\n by another user, for example through the systemd socket\n activation mechanism, could make use of the other user's\n quota, again leading to a denial-of-service (resource\n exhaustion). 
This is fixed by accounting queued files to\n the sender rather than the socket opener.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2544\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3503\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in 
version 3.2.73-2+deb7u3. The oldstable distribution (wheezy)\nis not affected by CVE-2015-8830.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt20-1+deb8u4. CVE-2013-4312, CVE-2015-7566,\nCVE-2015-8767 and CVE-2016-0723 were already fixed in DSA-3448-1.\nCVE-2016-0774 does not affect the stable distribution.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.73-2+deb7u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", 
reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:04", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)\n\n - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. 
(bsc#1087088)\n\n - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209).\n\n - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. 
(bnc#1076537).\n\n - CVE-2017-11089: A buffer overread was observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261).\n\n - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260).\n\n - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).\n\n - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with\n __dm_destroy during creation and removal of DM devices (bnc#1083242).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1221-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0861", "CVE-2017-11089", "CVE-2017-13220", "CVE-2017-18203", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1087", "CVE-2018-7757", "CVE-2018-8781", "CVE-2018-8822", "CVE-2018-8897"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1221-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109758", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1221-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109758);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-11089\", \"CVE-2017-13220\", \"CVE-2017-18203\", \"CVE-2018-10087\", 
\"CVE-2018-10124\", \"CVE-2018-1087\", \"CVE-2018-7757\", \"CVE-2018-8781\", \"CVE-2018-8822\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1221-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2018-1087: And an unprivileged KVM guest user could\n use this flaw to potentially escalate their privileges\n inside a guest. (bsc#1087088)\n\n - CVE-2018-8897: An unprivileged system user could use\n incorrect set up interrupt stacks to crash the Linux\n kernel resulting in DoS issue. (bsc#1087088)\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in\n kernel/signal.c might allow local users to cause a\n denial of service via an INT_MIN argument (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in\n kernel/exit.c might allow local users to cause a denial\n of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events\n function in drivers/scsi/libsas/sas_expander.c allowed\n local users to cause a denial of service (memory\n consumption) via many read accesses to files in the\n /sys/class/sas_phy directory, as demonstrated by the\n /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file\n (bnc#1084536 1087209).\n\n - CVE-2017-13220: An 
elevation of privilege vulnerability\n in the Upstream kernel bluez was fixed. (bnc#1076537).\n\n - CVE-2017-11089: A buffer overread was observed in\n nl80211_set_station when user space application sends\n attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data\n of size less than 4 bytes (bnc#1088261).\n\n - CVE-2017-0861: Use-after-free vulnerability in the\n snd_pcm_info function in the ALSA subsystem allowed\n attackers to gain privileges via unspecified vectors\n (bnc#1088260).\n\n - CVE-2018-8822: Incorrect buffer length handling in the\n ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c\n could be exploited by malicious NCPFS servers to crash\n the kernel or execute code (bnc#1086162).\n\n - CVE-2017-18203: The dm_get_from_kobject function in\n drivers/md/dm.c allow local users to cause a denial of\n service (BUG) by leveraging a race condition with\n __dm_destroy during creation and removal of DM devices\n (bnc#1083242).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090643\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-0861/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11089/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13220/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18203/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181221-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae992f01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-844=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2018-844=1\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_128-default-1-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_128-xen-1-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"kernel-default-base-debuginfo-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.128.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.128.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:47", "description": "The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)\n\n - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. 
(bsc#1087088)\n\n - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608).\n\n - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).\n\n - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. 
(bnc#1076537).\n\n - CVE-2017-11089: A buffer overread is observed in nl80211_set_station when a user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261).\n\n - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260).\n\n - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).\n\n - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1220-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0861", "CVE-2017-11089", "CVE-2017-13220", "CVE-2017-18203", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1087", "CVE-2018-7757", "CVE-2018-8781", "CVE-2018-8822", "CVE-2018-8897"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_88-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_88-xen", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base"], "id": "SUSE_SU-2018-1220-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1220-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109757);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-11089\", \"CVE-2017-13220\", \"CVE-2017-18203\", \"CVE-2018-10087\", 
\"CVE-2018-10124\", \"CVE-2018-1087\", \"CVE-2018-7757\", \"CVE-2018-8781\", \"CVE-2018-8822\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1220-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2018-1087: And an unprivileged KVM guest user could\n use this flaw to potentially escalate their privileges\n inside a guest. (bsc#1087088)\n\n - CVE-2018-8897: An unprivileged system user could use\n incorrect set up interrupt stacks to crash the Linux\n kernel resulting in DoS issue. (bsc#1087088)\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in\n kernel/signal.c might allow local users to cause a\n denial of service via an INT_MIN argument (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in\n kernel/exit.c in might allow local users to cause a\n denial of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events\n function in drivers/scsi/libsas/sas_expander.c allowed\n local users to cause a denial of service (memory\n consumption) via many read accesses to files in the\n /sys/class/sas_phy directory, as demonstrated by the\n /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file\n (bnc#1084536).\n\n - CVE-2017-13220: An elevation 
of privilege vulnerability\n in the Upstream kernel bluez was fixed. (bnc#1076537).\n\n - CVE-2017-11089: A buffer overread is observed in\n nl80211_set_station when user space application sends\n attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data\n of size less than 4 bytes (bnc#1088261).\n\n - CVE-2017-0861: Use-after-free vulnerability in the\n snd_pcm_info function in the ALSA subsystem allowed\n attackers to gain privileges via unspecified vectors\n (bnc#1088260).\n\n - CVE-2018-8822: Incorrect buffer length handling in the\n ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c\n could be exploited by malicious NCPFS servers to crash\n the kernel or execute code (bnc#1086162).\n\n - CVE-2017-18203: The dm_get_from_kobject function in\n drivers/md/dm.c allowed local users to cause a denial of\n service (BUG) by leveraging a race condition with\n __dm_destroy during creation and removal of DM devices\n (bnc#1083242).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089608\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-0861/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11089/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13220/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18203/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181220-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac64f8f0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t 
patch\nSUSE-OpenStack-Cloud-6-2018-845=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-845=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-845=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2018-845=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_88-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_88-default-1-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.74-60.64.88.1\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:48", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in the Linux kernel's kernel/events/core.c:perf_cpu_time_max_percent_handler( ) function. Local privileged users could exploit this flaw to cause a denial of service due to integer overflow or possibly have unspecified other impact.(CVE-2017-18255)\n\n - The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allow a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions.(CVE-2018-10021)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)\n\n - A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.(CVE-2018-8781)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18255", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-8781"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:2.5.1", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel"], "id": "EULEROS_SA-2018-1261.NASL", "href": "https://www.tenable.com/plugins/nessus/117570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117570);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18255\",\n \"CVE-2018-10021\",\n \"CVE-2018-10087\",\n \"CVE-2018-8781\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1261)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A vulnerability was found in the Linux kernel's\n kernel/events/core.c:perf_cpu_time_max_percent_handler(\n ) function. 
Local privileged users could exploit this\n flaw to cause a denial of service due to integer\n overflow or possibly have unspecified other\n impact.(CVE-2017-18255)\n\n - The code in the drivers/scsi/libsas/sas_scsi_host.c\n file in the Linux kernel allow a physically proximate\n attacker to cause a memory leak in the ATA command\n queue and, thus, denial of service by triggering\n certain failure conditions.(CVE-2018-10021)\n\n - The kernel_wait4 function in kernel/exit.c in the Linux\n kernel, when an unspecified architecture and compiler\n is used, might allow local users to cause a denial of\n service by triggering an attempted use of the -INT_MIN\n value.(CVE-2018-10087)\n\n - A an integer overflow vulnerability was discovered in\n the Linux kernel, from version 3.4 through 4.15, in the\n drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An\n attacker with access to the udldrmfb driver could\n exploit this to obtain full read and write permissions\n on kernel physical pages, resulting in a code execution\n in kernel space.(CVE-2018-8781)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1261\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d55bb07d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10_31\",\n \"kernel-devel-3.10.0-514.44.5.10_31\",\n \"kernel-headers-3.10.0-514.44.5.10_31\",\n \"kernel-tools-3.10.0-514.44.5.10_31\",\n \"kernel-tools-libs-3.10.0-514.44.5.10_31\",\n \"kernel-tools-libs-devel-3.10.0-514.44.5.10_31\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-30T14:59:07", "description": "It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. 
A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling heartbeat-timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nIt was discovered that the Linux kernel did not keep accurate track of pipe buffer details when error conditions occurred, due to an incomplete fix for CVE-2015-1805. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0774)\n\nZach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value.
A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability.\n(CVE-2016-0821)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. 
A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion).\n(CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2967-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2967-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91087);\n script_version(\"2.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-1805\", \"CVE-2015-7515\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-0821\", \"CVE-2016-2069\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n script_xref(name:\"USN\", value:\"2967-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the Aiptek Tablet USB device driver in\nthe Linux kernel did not properly sanity check the endpoints reported\nby the device. An attacker with physical access could cause a denial\nof service (system crash). (CVE-2015-7515)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. 
An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling\nheartbeat-timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the\nLinux kernel's CXGB3 driver. A local attacker could use this to cause\na denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nIt was discovered that the Linux kernel did not keep accurate track of\npipe buffer details when error conditions occurred, due to an\nincomplete fix for CVE-2015-1805. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode with administrative privileges. (CVE-2016-0774)\n\nZach Riggle discovered that the Linux kernel's list poison feature did\nnot take into account the mmap_min_addr value. A local attacker could\nuse this to bypass the kernel's poison-pointer protection mechanism\nwhile attempting to exploit an existing kernel vulnerability.\n(CVE-2016-0821)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash).
(CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the\namount of data allocated to buffer pipes. 
A local attacker could use\nthis to cause a denial of service (resource exhaustion).\n(CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2967-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-1805\", \"CVE-2015-7515\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-0821\", \"CVE-2016-2069\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2967-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", 
pkgname:\"linux-image-3.2.0-102-generic\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-generic-pae\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-highbank\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-virtual\", pkgver:\"3.2.0-102.142\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:25", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3.\n (CVE-2017-11600)\n\n - A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function.\n Attackers using a specific input can lead to a privilege escalation. (CVE-2017-13215)\n\n - The Linux kernel is vulnerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done.
A user/process could abuse this flaw to potentially escalate their privileges on a system. (CVE-2017-16939)\n\n - An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on the system.\n (CVE-2018-1000199)\n\n - The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact.\n Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-10675)\n\n - A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. (CVE-2018-1068)\n\n - A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the Lazy FPU Restore scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year. (CVE-2018-3665)\n\n - A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed.
An unprivileged system user could use this flaw to crash the system kernel resulting in the denial of service.\n (CVE-2018-8897)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11600", "CVE-2017-13215", "CVE-2017-16939", "CVE-2018-1000199", "CVE-2018-10675", "CVE-2018-1068", "CVE-2018-3665", "CVE-2018-8897"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0025_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/127185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0025. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127185);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2017-11600\",\n \"CVE-2017-13215\",\n \"CVE-2017-16939\",\n \"CVE-2018-1068\",\n \"CVE-2018-3665\",\n \"CVE-2018-8897\",\n \"CVE-2018-10675\",\n \"CVE-2018-1000199\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0025)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - The xfrm_migrate() function in the\n net/xfrm/xfrm_policy.c file in the Linux kernel built\n with 
CONFIG_XFRM_MIGRATE does not verify if the dir\n parameter is less than XFRM_POLICY_MAX. This allows a\n local attacker to cause a denial of service (out-of-\n bounds access) or possibly have unspecified other impact\n by sending a XFRM_MSG_MIGRATE netlink message. This flaw\n is present in the Linux kernel since an introduction of\n XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3.\n (CVE-2017-11600)\n\n - A flaw was found in the Linux kernel's skcipher\n component, which affects the skcipher_recvmsg function.\n Attackers using a specific input can lead to a privilege\n escalation. (CVE-2017-13215)\n\n - The Linux kernel is vulnerable to a use-after-free flaw\n when Transformation User configuration\n interface(CONFIG_XFRM_USER) compile-time configuration\n were enabled. This vulnerability occurs while closing a\n xfrm netlink socket in xfrm_dump_policy_done. A\n user/process could abuse this flaw to potentially\n escalate their privileges on a system. (CVE-2017-16939)\n\n - An address corruption flaw was discovered in the Linux\n kernel built with hardware breakpoint\n (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a\n h/w breakpoint via 'modify_user_hw_breakpoint' routine,\n an unprivileged user/process could use this flaw to\n crash the system kernel resulting in DoS OR to\n potentially escalate privileges on the system.\n (CVE-2018-1000199)\n\n - The do_get_mempolicy() function in mm/mempolicy.c in the\n Linux kernel allows local users to hit a use-after-free\n bug via crafted system calls and thus cause a denial of\n service (DoS) or possibly have unspecified other impact.\n Due to the nature of the flaw, privilege escalation\n cannot be fully ruled out. (CVE-2018-10675)\n\n - A flaw was found in the Linux kernel's implementation of\n 32-bit syscall interface for bridging. This allowed a\n privileged user to arbitrarily write to a limited range\n of kernel memory.
(CVE-2018-1068)\n\n - A Floating Point Unit (FPU) state information leakage\n flaw was found in the way the Linux kernel saved and\n restored the FPU state during task switch. Linux kernels\n that follow the Lazy FPU Restore scheme are vulnerable\n to the FPU state information leakage issue. An\n unprivileged local attacker could use this flaw to read\n FPU state bits by conducting targeted cache side-channel\n attacks, similar to the Meltdown vulnerability disclosed\n earlier this year. (CVE-2018-3665)\n\n - A flaw was found in the way the Linux kernel handled\n exceptions delivered after a stack switch operation via\n Mov SS or Pop SS instructions. During the stack switch\n operation, the processor did not deliver interrupts and\n exceptions, rather they are delivered once the first\n instruction after the stack switch is executed. An\n unprivileged system user could use this flaw to crash\n the system kernel resulting in the denial of service.\n (CVE-2018-8897)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0025\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. 
Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8897\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n 
\"kernel-modules-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"perf-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"perf-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, 
reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:37", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete.
OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.(CVE-2018-8897)\n\n - A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls.(CVE-2018-1130)\n\n - The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.(CVE-2018-10940)\n\n - An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on the system.(CVE-2018-1000199)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1263)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199", "CVE-2018-10940", "CVE-2018-1130", "CVE-2018-8897"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1263.NASL", "href": "https://www.tenable.com/plugins/nessus/117572", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117572);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000199\",\n \"CVE-2018-10940\",\n \"CVE-2018-1130\",\n \"CVE-2018-8897\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1263)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A statement in the System Programming Guide of the\n Intel 64 and IA-32 Architectures Software Developer's\n Manual (SDM) was mishandled in the development of some\n or all operating-system kernels, resulting in\n unexpected 
behavior for #DB exceptions that are\n deferred by MOV SS or POP SS, as demonstrated by (for\n example) privilege escalation in Windows, macOS, some\n Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL < 3,\n the debug exception is delivered after the transfer to\n CPL < 3 is complete. OS kernels may not expect this\n order of events and may therefore experience unexpected\n behavior when it occurs.(CVE-2018-8897)\n\n - A null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in the Linux kernel\n allows a local user to cause a denial of service by a\n number of certain crafted system calls.(CVE-2018-1130)\n\n - The cdrom_ioctl_media_changed function in\n drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6\n allows local attackers to use a incorrect bounds check\n in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read\n out kernel memory.(CVE-2018-10940)\n\n - An address corruption flaw was discovered in the Linux\n kernel built with hardware breakpoint\n (CONFIG_HAVE_HW_BREAKPOINT) support. 
While modifying a\n h/w breakpoint via 'modify_user_hw_breakpoint' routine,\n an unprivileged user/process could use this flaw to\n crash the system kernel resulting in DoS OR to\n potentially escalate privileges on a the\n system.(CVE-2018-1000199)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1263\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5222484\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10_35\",\n \"kernel-devel-3.10.0-514.44.5.10_35\",\n \"kernel-headers-3.10.0-514.44.5.10_35\",\n \"kernel-tools-3.10.0-514.44.5.10_35\",\n 
\"kernel-tools-libs-3.10.0-514.44.5.10_35\",\n \"kernel-tools-libs-devel-3.10.0-514.44.5.10_35\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:57", "description": "An update of [linux] packages for PhotonOS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0032 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11600"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0032.NASL", "href": "https://www.tenable.com/plugins/nessus/111881", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0032. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111881);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2017-11600\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0032 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [linux] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-66\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d40b53c6\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11600\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.86-1.ph1\",\n \"linux-api-headers-4.4.86-1.ph1\",\n \"linux-debuginfo-4.4.86-1.ph1\",\n \"linux-dev-4.4.86-1.ph1\",\n \"linux-docs-4.4.86-1.ph1\",\n \"linux-drivers-gpu-4.4.86-1.ph1\",\n \"linux-esx-4.4.86-1.ph1\",\n \"linux-esx-debuginfo-4.4.86-1.ph1\",\n \"linux-esx-devel-4.4.86-1.ph1\",\n \"linux-esx-docs-4.4.86-1.ph1\",\n \"linux-oprofile-4.4.86-1.ph1\",\n \"linux-sound-4.4.86-1.ph1\",\n \"linux-tools-4.4.86-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:43", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": 
"nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0032", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11600"], "modified": "2019-03-08T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0032_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0032. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121729);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/03/08\");\n\n script_cve_id(\"CVE-2017-11600\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0032\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-66.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/06\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.86-1.ph1\")) flag++;\nif 
(rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.86-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.86-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:38", "description": "The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).\n\nCVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752).\n\nCVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608).\n\nCVE-2017-18257: The __get_data_block function in fs/f2fs/data.c 
in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241)\n\nCVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).\n\nCVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829).\n\nCVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353).\n\nCVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)\n\nCVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue.\n(bsc#1087088)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-10-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18257", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1087", "CVE-2018-7740", "CVE-2018-8043", "CVE-2018-8781", "CVE-2018-8822", "CVE-2018-8897"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_73-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1173-2.NASL", "href": "https://www.tenable.com/plugins/nessus/118252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1173-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118252);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-18257\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-1087\", \"CVE-2018-7740\", \"CVE-2018-8043\", \"CVE-2018-8781\", \"CVE-2018-8822\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE 
Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-8781: The udl_fb_mmap function in\ndrivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability\nthat allowed local users with access to the udldrmfb driver to obtain\nfull read and write permissions on kernel physical pages, resulting in\na code execution in kernel space (bnc#1090643).\n\nCVE-2018-10124: The kill_something_info function in kernel/signal.c\nmight have allowed local users to cause a denial of service via an\nINT_MIN argument (bnc#1089752).\n\nCVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have\nallowed local users to cause a denial of service by triggering an\nattempted use of the -INT_MIN value (bnc#1089608).\n\nCVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the\nLinux kernel allowed local users to cause a denial of service (integer\noverflow and loop) via crafted use of the open and fallocate system\ncalls with an FS_IOC_FIEMAP ioctl. (bnc#1088241)\n\nCVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel\nfunction in fs/ncpfs/ncplib_kernel.c could be exploited by malicious\nNCPFS servers to crash the kernel or execute code (bnc#1086162).\n\nCVE-2018-8043: The unimac_mdio_probe function in\ndrivers/net/phy/mdio-bcm-unimac.c did not validate certain resource\navailability, which allowed local users to cause a denial of service\n(NULL pointer dereference) (bnc#1084829).\n\nCVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed\nlocal users to cause a denial of service (BUG) via a crafted\napplication that made mmap system calls and has a large pgoff argument\nto the remap_file_pages system call (bnc#1084353).\n\nCVE-2018-1087: And an unprivileged KVM guest user could use this flaw\nto potentially escalate their privileges inside a guest. 
(bsc#1087088)\n\nCVE-2018-8897: An unprivileged system user could use incorrect set up\ninterrupt stacks to crash the Linux kernel resulting in DoS issue.\n(bsc#1087088)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18257/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8043/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181173-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59cc4691\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-814=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_73-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_73-default-1-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:45", "description": "The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. 
The following security bugs were fixed :\n\n - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241)\n\n - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).\n\n - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829).\n\n - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353).\n\n - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)\n\n - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. 
(bsc#1087088)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18257", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1087", "CVE-2018-7740", "CVE-2018-8043", "CVE-2018-8781", "CVE-2018-8822", "CVE-2018-8897"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_73-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1173-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109647", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1173-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109647);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-18257\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-1087\", \"CVE-2018-7740\", \"CVE-2018-8043\", \"CVE-2018-8781\", \"CVE-2018-8822\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-1)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability that allowed local users with access to\n the udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bnc#1090643).\n\n - CVE-2018-10124: The kill_something_info function in\n kernel/signal.c might have allowed local users to cause\n a denial of service via an INT_MIN argument\n (bnc#1089752).\n\n - CVE-2018-10087: The kernel_wait4 function in\n kernel/exit.c might have allowed local users to cause a\n denial of service by triggering an attempted use of the\n -INT_MIN value (bnc#1089608).\n\n - CVE-2017-18257: The __get_data_block function in\n fs/f2fs/data.c in the Linux kernel allowed local users\n to cause a denial of service (integer overflow and loop)\n via crafted use of the open and fallocate system calls\n with an FS_IOC_FIEMAP ioctl. 
(bnc#1088241)\n\n - CVE-2018-8822: Incorrect buffer length handling in the\n ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c\n could be exploited by malicious NCPFS servers to crash\n the kernel or execute code (bnc#1086162).\n\n - CVE-2018-8043: The unimac_mdio_probe function in\n drivers/net/phy/mdio-bcm-unimac.c did not validate\n certain resource availability, which allowed local users\n to cause a denial of service (NULL pointer dereference)\n (bnc#1084829).\n\n - CVE-2018-7740: The resv_map_release function in\n mm/hugetlb.c allowed local users to cause a denial of\n service (BUG) via a crafted application that made mmap\n system calls and has a large pgoff argument to the\n remap_file_pages system call (bnc#1084353).\n\n - CVE-2018-1087: And an unprivileged KVM guest user could\n use this flaw to potentially escalate their privileges\n inside a guest. (bsc#1087088)\n\n - CVE-2018-8897: An unprivileged system user could use\n incorrect set up interrupt stacks to crash the Linux\n kernel resulting in DoS issue. (bsc#1087088)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084721\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089608\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18257/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8043/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181173-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e590564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-814=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t 
patch\nSUSE-SLE-SAP-12-SP2-2018-814=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-814=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2018-814=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-814=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_73-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_73-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.73.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.73.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:12", "description": "Race condition in raw_sendmsg function allows denial-of-service or kernel addresses leak\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of creating raw sockets, can abuse a possible race condition when setting the socket option to allow the kernel to automatically create ip header values and thus potentially escalate their privileges. 
(CVE-2017-17712)\n\nUse-after-free vulnerability in DCCP socket\n\nA use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to escalate their privileges. (CVE-2017-8824)\n\nStack-based out-of-bounds read via vmcall instruction\n\nLinux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes.\n(CVE-2017-17741)\n\nUnchecked capabilities in net/netfilter/xt_osf.c allows for unprivileged modification to systemwide fingerprint list\n\nnet/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. (CVE-2017-17450)\n\nMissing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure\n\nnet/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. 
(CVE-2017-17448)", "cvss3": {}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2018-944)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17448", "CVE-2017-17450", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-8824"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-944.NASL", "href": "https://www.tenable.com/plugins/nessus/106171", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-944.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106171);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-17448\", \"CVE-2017-17450\", \"CVE-2017-17712\", \"CVE-2017-17741\", \"CVE-2017-8824\");\n script_xref(name:\"ALAS\", value:\"2018-944\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2018-944)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Race condition in raw_sendmsg function allows denial-of-service or\nkernel addresses leak\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg\nallowing a local attacker to panic the 
kernel or possibly leak kernel\naddresses. A local attacker, with the privilege of creating raw\nsockets, can abuse a possible race condition when setting the socket\noption to allow the kernel to automatically create ip header values\nand thus potentially escalate their privileges. (CVE-2017-17712)\n\nUse-after-free vulnerability in DCCP socket\n\nA use-after-free vulnerability was found in DCCP socket code affecting\nthe Linux kernel since 2.6.16. This vulnerability could allow an\nattacker to escalate their privileges. (CVE-2017-8824)\n\nStack-based out-of-bounds read via vmcall instruction\n\nLinux kernel compiled with the KVM virtualization (CONFIG_KVM) support\nis vulnerable to an out-of-bounds read access issue. It could occur\nwhen emulating vmcall instructions invoked by a guest. A guest\nuser/process could use this flaw to disclose kernel memory bytes.\n(CVE-2017-17741)\n\nUnchecked capabilities in net/netfilter/xt_osf.c allows for\nunprivileged modification to systemwide fingerprint list\n\nnet/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not\nrequire the CAP_NET_ADMIN capability for add_callback and\nremove_callback operations, which allows local users to bypass\nintended access restrictions because the xt_osf_fingers data structure\nis shared across all net namespaces. (CVE-2017-17450)\n\nMissing capabilities check in net/netfilter/nfnetlink_cthelper.c\nallows for unprivileged access to systemwide nfnl_cthelper_list\nstructure\n\nnet/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4\ndoes not require the CAP_NET_ADMIN capability for new, get, and del\noperations, which allows local users to bypass intended access\nrestrictions because the nfnl_cthelper_list data structure is shared\nacross all net namespaces. 
(CVE-2017-17448)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-944.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.77-31.58.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.77-31.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.77-31.58.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:07", "description": "The 4.14.8 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : kernel (2017-1ebb87e7c0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17741"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-1EBB87E7C0.NASL", "href": "https://www.tenable.com/plugins/nessus/105830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-1ebb87e7c0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(105830);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-17741\");\n script_xref(name:\"FEDORA\", value:\"2017-1ebb87e7c0\");\n\n script_name(english:\"Fedora 27 : kernel (2017-1ebb87e7c0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.14.8 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-1ebb87e7c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-17741\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-1ebb87e7c0\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.14.8-300.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-05-18T14:28:04", "description": "This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed :\n\n - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1239-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_120-92_70-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1239-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1239-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109773);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-1000199\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1239-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 4.4.120-92_70 fixes one issue. 
The\nfollowing security issue was fixed :\n\n - CVE-2018-1000199: A bug in x86 debug register handling\n of ptrace() could lead to memory corruption, possibly a\n denial of service or privilege escalation (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000199/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181239-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?527fa000\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-873=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-873=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_120-92_70-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_120-92_70-default-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:49", "description": "This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed :\n\n - CVE-2018-1000199: - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-06T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1508-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_73-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1508-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1508-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110343);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-1000199\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1508-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The\nfollowing security issue was fixed :\n\n - CVE-2018-1000199: - CVE-2018-1000199: An address\n corruption flaw was discovered while modifying a h/w\n breakpoint via 'modify_user_hw_breakpoint' routine, an\n unprivileged user/process could use this flaw to crash\n the system kernel resulting in DoS OR to potentially\n escalate privileges on a the system. (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000199/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181508-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d713122f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1074=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1074=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_73-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_73-default-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:49", "description": "This update for the Linux Kernel 3.12.61-52_128 fixes one issue. The following security issue was fixed :\n\n - CVE-2018-1000199: - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-06T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1525-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1525-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110359", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1525-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110359);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2018-1000199\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1525-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.61-52_128 fixes one issue. The\nfollowing security issue was fixed :\n\n - CVE-2018-1000199: - CVE-2018-1000199: An address\n corruption flaw was discovered while modifying a h/w\n breakpoint via 'modify_user_hw_breakpoint' routine, an\n unprivileged user/process could use this flaw to crash\n the system kernel resulting in DoS OR to potentially\n escalate privileges on a the system. (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000199/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181525-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16e8b61e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1072=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_128-default-2-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_128-xen-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:50", "description": "This update for the Linux Kernel 3.12.74-60_64_88 fixes one issue. The following security issue was fixed :\n\n - CVE-2018-1000199: - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-06T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1551-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_88-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_88-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1551-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110381", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1551-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110381);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2018-1000199\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1551-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.74-60_64_88 fixes one issue. The\nfollowing security issue was fixed :\n\n - CVE-2018-1000199: - CVE-2018-1000199: An address\n corruption flaw was discovered while modifying a h/w\n breakpoint via 'modify_user_hw_breakpoint' routine, an\n unprivileged user/process could use this flaw to crash\n the system kernel resulting in DoS OR to potentially\n escalate privileges on a the system. (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000199/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181551-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e7ccdb3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1073=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1073=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_88-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_88-default-2-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_88-xen-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:48", "description": "According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system.(CVE-2018-1000199)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1266)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:2.5.0", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel"], "id": "EULEROS_SA-2018-1266.NASL", "href": "https://www.tenable.com/plugins/nessus/117575", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117575);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000199\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1266)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - An address corruption flaw was discovered in the Linux\n kernel built with hardware breakpoint\n (CONFIG_HAVE_HW_BREAKPOINT) support. 
While modifying a\n h/w breakpoint via 'modify_user_hw_breakpoint' routine,\n an unprivileged user/process could use this flaw to\n crash the system kernel resulting in DoS OR to\n potentially escalate privileges on a the\n system.(CVE-2018-1000199)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1266\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e5eb71b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.64.60.3_19\",\n \"kernel-devel-3.10.0-327.64.60.3_19\",\n \"kernel-headers-3.10.0-327.64.60.3_19\",\n \"kernel-tools-3.10.0-327.64.60.3_19\",\n \"kernel-tools-libs-3.10.0-327.64.60.3_19\",\n \"kernel-tools-libs-devel-3.10.0-327.64.60.3_19\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:47", "description": "This update 
for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed :\n\n - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-06T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1550-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_80-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1550-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110380", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1550-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110380);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2018-1000199\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1550-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 4.4.121-92_80 fixes one issue. 
The\nfollowing security issue was fixed :\n\n - CVE-2018-1000199: A bug in x86 debug register handling\n of ptrace() could lead to memory corruption, possibly a\n denial of service or privilege escalation (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000199/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181550-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?afa9c4b4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1075=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1075=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_80-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_80-default-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:15", "description": "This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed :\n\n - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1258-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_114-92_64-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1258-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1258-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109787);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-1000199\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1258-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The\nfollowing security issue was fixed :\n\n - CVE-2018-1000199: A bug in x86 debug register handling\n of ptrace() could lead to memory corruption, possibly a\n denial of service or privilege escalation (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000199/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181258-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e466d23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-883=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-883=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_114-92_64-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_114-92_64-default-3-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:34", "description": "This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed :\n\n - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1223-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000199"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_114-92_67-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1223-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109760", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1223-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109760);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-1000199\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1223-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The\nfollowing security issue was fixed :\n\n - CVE-2018-1000199: A bug in x86 debug register handling\n of ptrace() could lead to memory corruption, possibly a\n denial of service or privilege escalation (bsc#1090036).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000199/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181223-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8eac31ef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-882=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-882=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_114-92_67-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_114-92_67-default-3-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:46", "description": "Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerability (USN-4486-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10323"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4486-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4486-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140184);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-10323\");\n script_xref(name:\"USN\", value:\"4486-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerability (USN-4486-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Wen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly validate meta-data information. An attacker\ncould use this to construct a malicious xfs image that, when mounted,\ncould cause a denial of service (system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4486-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10323\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10323\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4486-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1079-kvm\", pkgver:\"4.4.0-1079.86\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1113-aws\", pkgver:\"4.4.0-1113.126\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1138-raspi2\", pkgver:\"4.4.0-1138.147\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1142-snapdragon\", pkgver:\"4.4.0-1142.151\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-189-generic\", pkgver:\"4.4.0-189.219\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"linux-image-4.4.0-189-generic-lpae\", pkgver:\"4.4.0-189.219\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-189-lowlatency\", pkgver:\"4.4.0-189.219\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1113.118\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.189.195\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.189.195\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1079.77\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.189.195\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1138.138\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1142.134\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.189.195\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:57", "description": "The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. 
(CVE-2017-8824)\n\nImpact\n\nAn attacker may exploit this vulnerability to gain privileges.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K15526101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8824"], "modified": "2020-03-09T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL15526101.NASL", "href": "https://www.tenable.com/plugins/nessus/118633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15526101.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118633);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2017-8824\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K15526101)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The dccp_disconnect function in net/dccp/proto.c in the Linux kernel\nthrough 4.14.3 allows local users to gain privileges or cause a denial\nof service (use-after-free) via an AF_UNSPEC connect system call\nduring the DCCP_LISTEN state. 
(CVE-2017-8824)\n\nImpact\n\nAn attacker may exploit this vulnerability to gain privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15526101\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15526101.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_vi