DATABASE RESOURCES PRICING ABOUT US

{"id": "ELSA-2020-4431", "type": "oraclelinux", "bulletinFamily": "unix", "title": "kernel security, bug fix, and enhancement update", "description": "[4.18.0-240.OL8]\n- Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7\n[4.18.0-240]\n- [include] block: allow for_each_bvec to support zero len bvec (Ming Lei) [1872032]\n- [nvme] nvme-pci: disable the write zeros command for Intel 600P/P3100 (David Milburn) [1875391]\n[4.18.0-239]\n- [init] init/Kconfig: disable io_uring (Jeff Moyer) [1879754]\n- [block] blk-mq: always allow reserved allocation in hctx_may_queue (Ming Lei) [1740874]\n- [nvme] nvme-rdma: Avoid double freeing of async event data (Gopal Tiwari) [1878140]\n- [kernel] printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (Igor Mammedov) [1867022]\n[4.18.0-238]\n- [firmware] efi: dont reserve MOK config table memory region (Kairui Song) [1878584]\n- [fs] xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [1875316] {CVE-2020-14385}\n- [powerpc] powerpc/pseries: Do not initiate shutdown when system is running on UPS (Diego Domingos) [1870477]\n[4.18.0-237]\n- [fs] nfsd: avoid a NULL dereference in __cld_pipe_upcall() (Scott Mayhew) [1847225]\n- [net] packet: fix overflow in tpacket_rcv (Hangbin Liu) [1876224] {CVE-2020-14386}\n- [net] packet: make tp_drops atomic (Hangbin Liu) [1876224] {CVE-2020-14386}\n- [net] espintcp: restore IP CB before handing the packet to xfrm (Sabrina Dubroca) [1868201]\n- [fs] Revert NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (Benjamin Coddington) [1865978]\n- [fs] Revert NFSv4.x recover from pre-mature loss of openstateid (Benjamin Coddington) [1865978]\n- [infiniband] RDMA/mlx4: Read pkey table length instead of hardcoded value (Alaa Hleihel) [1853564]\n- [net] net/smc: set rx_off for SMCR explicitly (Philipp Rudo) [1875833]\n- [drm] drm/i915: Auto detect DPCD backlight support by default (Lyude Paul) [1872381]\n- [drm] drm/i915: Fix DPCD register order in intel_dp_aux_enable_backlight() (Lyude Paul) [1872381]\n- [drm] drm/i915: Assume 100 brightness when not in DPCD control mode (Lyude Paul) [1872381]\n- [drm] drm/i915: Fix eDP DPCD aux max backlight calculations (Lyude Paul) [1872381]\n- [kernel] tracing: Define MCOUNT_INSN_SIZE when not defined without direct calls (Jiri Olsa) [1857599]\n- [kernel] ftrace: Fix function_graph tracer interaction with BPF trampoline (Jiri Olsa) [1857599]\n- [x86] x86/function_graph: Simplify with function_graph_enter() (Jiri Olsa) [1857599]\n- [kernel] function_graph: Create function_graph_enter() to consolidate architecture code (Jiri Olsa) [1857599]\n[4.18.0-236]\n- [crypto] pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1862072]\n- [security] integrity: Load certs from the EFI MOK config table (Lenny Szubowicz) [1868306]\n- [security] integrity: Move import of MokListRT certs to a separate routine (Lenny Szubowicz) [1868306]\n- [firmware] efi: Support for MOK variable config table (Lenny Szubowicz) [1868306]\n- [kernel] Move to dual-signing to split signing keys up better (Frantisek Hrbata) [1837434] {CVE-2020-10713}\n- [powerpc] pseries/hotplug-cpu: wait indefinitely for vCPU death (Michael Roth) [1856588]\n- [powerpc] kvm: ppc: book3s hv: Rework secure mem slot dropping (Michael Roth) [1851259]\n- [powerpc] kvm: ppc: book3s hv: Move kvmppc_svm_page_out up (Michael Roth) [1851259]\n- [powerpc] kvm: ppc: book3s hv: Migrate hot plugged memory (Michael Roth) [1851259]\n- [powerpc] kvm: ppc: book3s hv: In H_SVM_INIT_DONE, migrate remaining normal-GFNs to secure-GFNs (Michael Roth) [1851259]\n- [powerpc] kvm: ppc: book3s hv: Track the state GFNs associated with secure VMs (Michael Roth) [1851259]\n- [powerpc] kvm: ppc: book3s hv: Disable page merging in H_SVM_INIT_START (Michael Roth) [1851259]\n- [powerpc] kvm: ppc: book3s hv: Fix function definition in book3s_hv_uvmem.c (Michael Roth) [1851259]\n- [kernel] mmap locking api: initial implementation as rwsem wrappers (Michael Roth) [1851259]\n- [mm] handle multiple owners of device private pages in migrate_vma (Michael Roth) [1851259]\n- [mm] migrate.c: clean up useless code in migrate_vma_collect_pmd() (Michael Roth) [1851259]\n- [mm] remove the unused MIGRATE_PFN_DEVICE flag (Michael Roth) [1851259]\n- [powerpc] rhel: powerpc: kvm: Increase HDEC threshold to enter guest (David Gibson) [1733467]\n- [netdrv] r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (Michal Schmidt) [1851966]\n- [fs] ceph: fix inode number handling on arches with 32-bit ino_t (Jeff Layton) [1869679]\n- [fs] ceph: dont allow setlease on cephfs (Jeff Layton) [1872382]\n- [block] blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (Ming Lei) [1859628]\n[4.18.0-235]\n- [s390] scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: Fence adapter status propagation for common statuses (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: Move p-t-p port allocation to after xport data (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: Fence fc_host updates during link-down handling (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: Move fc_host updates during xport data handling into fenced function (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: Move shost updates during xconfig data handling into fenced function (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: fix fc_host attributes that should be unknown on local link down (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: expose fabric name as common fc_host sysfs attribute (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: add diagnostics buffer for exchange config data (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: diagnostics buffer caching and use for exchange port data (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: signal incomplete or error for sync exchange config/port data (Claudio Imbrenda) [1872799]\n- [s390] scsi: zfcp: Fix use-after-free in request timeout handlers (Claudio Imbrenda) [1872796]\n- [tools] selftests/powerpc: Update the stack expansion test (Gustavo Duarte) [1869755]\n- [mm] powerpc: Allow 4224 bytes of stack expansion for the signal frame (Gustavo Duarte) [1869755]\n- [tools] selftests/powerpc: Add test of stack expansion logic (Gustavo Duarte) [1869755]\n- [mm] mm: check that mm is still valid in madvise() (Jeff Moyer) [1874560]\n- [block] block: virtio_blk: fix handling single range discard request (Ming Lei) [1842035]\n- [block] block: respect queue limit of max discard segment (Ming Lei) [1842035]\n- [fs] io_uring: Fix NULL pointer dereference in loop_rw_iter() (Jeff Moyer) [1854649]\n- [fs] io_uring: return locked and pinned page accounting (Jeff Moyer) [1854649]\n- [fs] io_uring: always allow drain/link/hardlink/async sqe flags (Jeff Moyer) [1854649]\n- [fs] io_uring: ensure double poll additions work with both request types (Jeff Moyer) [1854649]\n- [fs] io_uring: fix recvmsg memory leak with buffer selection (Jeff Moyer) [1854649]\n- [fs] io_uring: fix missing msg_name assignment (Jeff Moyer) [1854649]\n- [fs] io_uring: fix memleak in io_sqe_files_register() (Jeff Moyer) [1854649]\n- [fs] io_uring: account user memory freed when exit has been queued (Jeff Moyer) [1854649]\n- [fs] io_uring: fix memleak in __io_sqe_files_update() (Jeff Moyer) [1854649]\n- [fs] io_uring: fix regression with always ignoring signals in io_cqring_wait() (Jeff Moyer) [1854649]\n- [fs] io_uring: use signal based task_work running (Jeff Moyer) [1854649]\n- [kernel] task_work: teach task_work_add() to do signal_wake_up() (Jeff Moyer) [1854649]\n- [fs] io_uring: fix missing ->mm on exit (Jeff Moyer) [1854649]\n- [fs] io_uring: fix potential use after free on fallback request free (Jeff Moyer) [1854649]\n- [fs] io_uring: fix req->work corruption (Jeff Moyer) [1854649]\n- [fs] io_uring: fix NULL-mm for linked reqs (Jeff Moyer) [1854649]\n- [fs] io_uring: fix current->mm NULL dereference on exit (Jeff Moyer) [1854649]\n- [fs] io_uring: fix hanging iopoll in case of -EAGAIN (Jeff Moyer) [1854649]\n- [fs] io_uring: fix io_sq_thread no schedule when busy (Jeff Moyer) [1854649]\n- [fs] io_uring: fix possible race condition against REQ_F_NEED_CLEANUP (Jeff Moyer) [1854649]\n- [fs] io_uring: reap poll completions while waiting for refs to drop on exit (Jeff Moyer) [1854649]\n- [fs] io_uring: acquire mm for task_work for SQPOLL (Jeff Moyer) [1854649]\n- [fs] io_uring: add memory barrier to synchronize io_kiocbs result and iopoll_completed (Jeff Moyer) [1854649]\n- [fs] io_uring: dont fail links for EAGAIN error in IOPOLL mode (Jeff Moyer) [1854649]\n- [fs] io_uring: fix io_kiocb.flags modification race in IOPOLL mode (Jeff Moyer) [1854649]\n- [fs] io_uring: allow O_NONBLOCK async retry (Jeff Moyer) [1854649]\n- [fs] io_uring: use kvfree() in io_sqe_buffer_register() (Jeff Moyer) [1854649]\n- [fs] io_uring: validate the full range of provided buffers for access (Jeff Moyer) [1854649]\n- [fs] io_uring: re-set iov base/len for buffer select retry (Jeff Moyer) [1854649]\n- [fs] io_uring: fix {SQ, IO}POLL with unsupported opcodes (Jeff Moyer) [1854649]\n- [fs] io_uring: disallow close of ring itself (Jeff Moyer) [1854649]\n- [fs] io_uring: fix overflowed reqs cancellation (Jeff Moyer) [1854649]\n- [fs] io_uring: fix flush req->refs underflow (Jeff Moyer) [1854649]\n- [fs] io_uring: async task poll trigger cleanup (Jeff Moyer) [1854649]\n- [fs] io_uring: allow POLL_ADD with double poll_wait() users (Jeff Moyer) [1854649]\n- [fs] io_uring: remove fd is io_uring from close path (Jeff Moyer) [1854649]\n- [nvme] nvme: allow retry for requests with REQ_FAILFAST_TRANSPORT set (Mike Snitzer) [1843515]\n- [nvme] nvme: decouple basic ANA log page re-read support from native multipathing (Mike Snitzer) [1843515]\n- [nvme] nvme: update failover handling to work with REQ_FAILFAST_TRANSPORT (Mike Snitzer) [1843515]\n- [nvme] nvme: Return BLK_STS_TARGET if the DNR bit is set (Mike Snitzer) [1843515]\n- [nvme] nvme: redirect commands on dying queue (Mike Snitzer) [1843515]\n- [nvme] nvme: just check the status code type in nvme_is_path_error (Mike Snitzer) [1843515]\n- [nvme] nvme: refactor command completion (Mike Snitzer) [1843515]\n- [nvme] nvme-multipath: do not reset on unknown status (Mike Snitzer) [1843515]\n- [nvme] Revert nvme: allow ANA support to be independent of native multipathing (Mike Snitzer) [1843515]\n- [nvme] Revert nvme-multipath: do not reset on unknown status (Mike Snitzer) [1843515]\n- [mm] mm, THP, swap: fix allocating cluster for swapfile by mistake (Gao Xiang) [1855474]\n- [net] sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (Marcelo Leitner) [1866391]\n- [net] netfilter: conntrack: allow sctp hearbeat after connection re-use (Florian Westphal) [1865798]\n- [video] vgacon: Fix for missing check in scrollback handling (Lyude Paul) [1859472] {CVE-2020-14331}\n- [scsi] Revert scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (Nilesh Javali) [1866744]\n- [scsi] Revert scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (Nilesh Javali) [1866744]\n- [scsi] scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (Nilesh Javali) [1866744]\n- [scsi] scsi: qla2xxx: Check if FW supports MQ before enabling (Nilesh Javali) [1866744]\n- [scsi] scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (Nilesh Javali) [1866744]\n- [scsi] scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (Nilesh Javali) [1866744]\n- [scsi] scsi: qla2xxx: Reduce noisy debug message (Nilesh Javali) [1866744]\n- [scsi] scsi: qla2xxx: Fix login timeout (Nilesh Javali) [1866744]\n- [scsi] scsi: qla2xxx: Flush I/O on zone disable (Nilesh Javali) [1866744]\n- [scsi] scsi: qla2xxx: Flush all sessions on zone disable (Nilesh Javali) [1866744]\n- [tools] bpf: selftests: global_funcs: Check err_str before strstr (Yauheni Kaliuta) [1873163]\n- [netdrv] net/mlx5e: E-Switch, Specify flow_source for rule with no in_port (Alaa Hleihel) [1869602]\n- [netdrv] net/mlx5e: E-Switch, Add misc bit when misc fields changed for mirroring (Alaa Hleihel) [1869602]\n- [tools] selftests/bpf: test for map update access from within EXT programs (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071]\n- [tools] selftests/bpf: test for checking return code for the extended prog (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071]\n- [tools] selftests/bpf: Add test for freplace program with write access (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071]\n- [net] bpf: verifier: use target programs type for access verifications (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071]\n- [scsi] scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (Dick Kennedy) [1871223]\n- [scsi] scsi: lpfc: Fix LUN loss after cable pull (Dick Kennedy) [1871223]\n- [infiniband] RDMA/bnxt_re: Do not add user qps to flushlist (Selvin Xavier) [1858674]\n- [fs] NFSv4.0 allow nconnect for v4.0 (Benjamin Coddington) [1842746]\n- [mm] mm/vunmap: add cond_resched() in vunmap_pmd_range (Rafael Aquini) [1871710]\n- [s390] s390/bpf: Maintain 8-byte stack alignment (Jiri Olsa) [1871040]\n[4.18.0-234]\n- [netdrv] vrf: Fix IPv6 with qdisc and xfrm (Sabrina Dubroca) [1868565]\n- [netdrv] vrf: make sure skb->data contains ip header to make routing (Sabrina Dubroca) [1868565]\n- [netdrv] vrf: Check skb for XFRM_TRANSFORMED flag (Sabrina Dubroca) [1868565]\n- [net] Do not clear the sock TX queue in sk_set_socket() (Andrea Claudi) [1850421]\n- [net] Use RCU_INIT_POINTER() to set sk_wq (Andrea Claudi) [1850421]\n- [net] netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c. (Florian Westphal) [1862384]\n- [net] netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. (Florian Westphal) [1862384]\n- [net] netfilter: ipset: Fix an error code in ip_set_sockfn_get() (Florian Westphal) [1862384]\n- [net] netfilter: nft_set_rbtree: Dont account for expired elements on insertion (Florian Westphal) [1862384]\n- [net] netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (Florian Westphal) [1862384]\n- [net] netfilter: nft_set_rbtree: Detect partial overlaps on insertion (Florian Westphal) [1862384]\n- [net] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (Florian Westphal) [1862384]\n- [net] netfilter: nf_tables: fix nat hook table deletion (Florian Westphal) [1862384]\n- [net] netfilter: ipset: call ip_set_free() instead of kfree() (Florian Westphal) [1862384]\n- [net] netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers. (Florian Westphal) [1862384]\n- [net] netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers. (Florian Westphal) [1862384]\n- [net] netfilter: nft_set_pipapo: Disable preemption before getting per-CPU pointer (Florian Westphal) [1862384]\n- [net] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported (Florian Westphal) [1862384]\n- [net] netfilter: conntrack: comparison of unsigned in cthelper confirmation (Florian Westphal) [1862384]\n- [net] netfilter: conntrack: refetch conntrack after nf_conntrack_update() (Florian Westphal) [1862384]\n- [net] netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update (Florian Westphal) [1862384]\n- [net] netfilter: conntrack: make conntrack userspace helpers work again (Florian Westphal) [1862384]\n- [net] netfilter: nfnetlink_cthelper: unbreak userspace helper support (Florian Westphal) [1862384]\n- [net] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build (Florian Westphal) [1862384]\n- [net] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code (Florian Westphal) [1862384]\n- [net] netfilter: nft_set_bitmap: initialize set element extension in lookups (Florian Westphal) [1862384]\n- [net] netfilter: nft_fwd_netdev: validate family and chain type (Florian Westphal) [1862384]\n- [net] netfilter: nft_payload: add missing attribute validation for payload csum flags (Florian Westphal) [1862384]\n- [net] netfilter: cthelper: add missing attribute validation for cthelper (Florian Westphal) [1862384]\n- [net] netfilter: ipset: Fix forceadd evaluation path (Florian Westphal) [1862384]\n- [net] netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() (Florian Westphal) [1862384]\n- [net] netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (Florian Westphal) [1862384]\n- [net] netfilter: ctnetlink: netns exit must wait for callbacks (Florian Westphal) [1862384]\n- [arm64] kvm: arm64: Dont inherit exec permission across page-table levels (Andrew Jones) [1869297]\n- [arm64] kvm: arm64: Flush the instruction cache if not unmapping the VM on reboot (Andrew Jones) [1869297]\n- [s390] s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (Claudio Imbrenda) [1868927]\n- [fs] chardev: Avoid potential use-after-free in chrdev_open() (Vladis Dronov) [1866324] {CVE-2020-0305}\n- [net] net: accept an empty mask in /sys/class/net/*/queues/rx-*/rps_cpus (Nitesh Narayan Lal) [1868433]\n- [x86] Revert x86/intel: Disable HPET on Intel Ice Lake platforms (David Arcari) [1868405]\n- [kernel] sched: Fix race against ptrace_freeze_trace() (Oleg Nesterov) [1862560]\n- [kernel] sched: Fix loadavg accounting race (Oleg Nesterov) [1862560]\n- [kernel] kernel/sched/: remove caller signal_pending branch predictions (Oleg Nesterov) [1862560]\n- [kernel] locking/spinlock, sched/core: Clarify requirements for smp_mb__after_spinlock() (Oleg Nesterov) [1862560]\n- [nvme] nvme: multipath: round-robin: eliminate fallback variable (Gopal Tiwari) [1868443]\n- [nvme] nvme: multipath: round-robin: fix single non-optimized path case (Gopal Tiwari) [1868443]\n- [nvme] nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (Gopal Tiwari) [1868443]\n- [nvme] nvme-multipath: fix logic for non-optimized paths (Gopal Tiwari) [1868443]\n- [tools] selftests/bpf: Fix segmentation fault in test_progs (Yauheni Kaliuta) [1868494]\n- [pci] hv: Fix a timing issue which causes kdump to fail occasionally (Mohammed Gamal) [1861960]\n- [hv] hv: vmbus: Only notify Hyper-V for die events that are oops (Vitaly Kuznetsov) [1868131]\n- [x86] kvm: nsvm: Correctly set the shadow NPT root level in its MMU role (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: x86: drop superfluous mmu_check_root() from fast_pgd_switch() (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: nsvm: use nested_svm_load_cr3() on guest->host switch (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: nsvm: implement nested_svm_load_cr3() and use it for host->guest switch (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: nsvm: move kvm_set_cr3() after nested_svm_uninit_mmu_context() (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: nsvm: introduce nested_svm_load_cr3()/nested_npt_enabled() (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: nsvm: prepare to handle errors from enter_svm_guest_mode() (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: nsvm: reset nested_run_pending upon nested_svm_vmrun_msrpm() failure (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: mmu: stop dereferencing vcpu->arch.mmu to get the context for MMU init (Vitaly Kuznetsov) [1845507]\n- [x86] kvm: nsvm: split kvm_init_shadow_npt_mmu() from kvm_init_shadow_mmu() (Vitaly Kuznetsov) [1845507]\n- [security] selinux: compute genfs symlink context in case of CephFS (Ondrej Mosnacek) [1865800]\n- [fs] ceph: set sec_context xattr on symlink creation (Ondrej Mosnacek) [1861509]\n- [tools] selftests: bpf: define SO_RCVTIMEO and SO_SNDTIMEO properly for ppc64le (Jiri Benc) [1860386]\n- [tools] bpf: Sync RHEL version of asm-generic/socket.h to tools/ (Jiri Benc) [1860386]\n- [tools] selftests: bpf: skip tests not working on RHEL (Jiri Benc) [1866908]\n- [tools] Revert selftests: bpf: disable test_lwt_seg6local (Jiri Benc) [1866908]\n- [tools] Revert bpf: selftests: remove test_bpftool_build.sh from TEST_PROGS (Jiri Benc) [1866908]\n- [tools] selftests: add option to skip specific tests in RHEL (Jiri Benc) [1866908]\n- [tools] selftests: bpf: switch off timeout (Jiri Benc) [1866908]\n- [tools] selftest/firmware: Add selftest timeout in settings (Jiri Benc) [1866908]\n- [tools] selftests/harness: Limit step counter reporting (Jiri Benc) [1866908]\n- [tools] selftests/harness: Clean up kern-doc for fixtures (Jiri Benc) [1866908]\n- [tools] selftests: fix condition in run_tests (Jiri Benc) [1866908]\n- [tools] selftests: do not use .ONESHELL (Jiri Benc) [1866908]\n- [tools] selftests/harness: Report skip reason (Jiri Benc) [1866908]\n- [tools] selftests/harness: Display signed values correctly (Jiri Benc) [1866908]\n- [tools] selftests/harness: Refactor XFAIL into SKIP (Jiri Benc) [1866908]\n- [tools] selftests/harness: Switch to TAP output (Jiri Benc) [1866908]\n- [tools] selftests: Add header documentation and helpers (Jiri Benc) [1866908]\n- [tools] kselftest: fix TAP output for skipped tests (Jiri Benc) [1866908]\n- [tools] kselftest: ksft_test_num return type should be unsigned (Jiri Benc) [1866908]\n- [tools] selftests: introduce gen_tar Makefile target (Jiri Benc) [1866908]\n- [tools] kselftest: add fixture variants (Jiri Benc) [1866908]\n- [tools] kselftest: run tests by fixture (Jiri Benc) [1866908]\n- [tools] kselftest: create fixture objects (Jiri Benc) [1866908]\n- [tools] kselftest: factor out list manipulation to a helper (Jiri Benc) [1866908]\n- [tools] selftests: add build/cross-build dependency check script (Jiri Benc) [1866908]\n- [tools] kselftest/runner: allow to properly deliver signals to tests (Jiri Benc) [1866908]\n- [tools] selftests/harness: fix spelling mistake SIGARLM -> SIGALRM (Jiri Benc) [1866908]\n- [tools] selftests: enforce local header dependency in lib.mk (Jiri Benc) [1866908]\n- [tools] selftests/harness: Handle timeouts cleanly (Jiri Benc) [1866908]\n- [tools] selftests/harness: Move test child waiting logic (Jiri Benc) [1866908]\n- [tools] selftests: Fix kselftest O=objdir build from cluttering top level objdir (Jiri Benc) [1866908]\n- [tools] selftests: allow detection of build failures (Jiri Benc) [1866908]\n- [tools] selftests: fix build behaviour on targets failures (Jiri Benc) [1866908]\n- [tools] kselftest: Support old perl versions (Jiri Benc) [1866908]\n- [tools] kselftest/runner: Print new line in print of timeout log (Jiri Benc) [1866908]\n- [tools] selftests: Fix dangling documentation references to kselftest_module.sh (Jiri Benc) [1866908]\n- [tools] kselftest: Fix NULL INSTALL_PATH for TARGETS runlist (Jiri Benc) [1866908]\n- [tools] selftests: Move kselftest_module.sh into kselftest/ (Jiri Benc) [1866908]\n- [tools] selftests: gen_kselftest_tar.sh: Do not clobber kselftest/ (Jiri Benc) [1866908]\n- [tools] selftests/kselftest/runner.sh: Add 45 second timeout per test (Jiri Benc) [1866908]\n- [tools] kselftest: exclude failed TARGETS from runlist (Jiri Benc) [1866908]\n- [tools] kselftest: add capability to skip chosen TARGETS (Jiri Benc) [1866908]\n- [tools] selftests: Add kselftest-all and kselftest-install targets (Jiri Benc) [1866908]\n- [tools] selftests: use instead of make (Jiri Benc) [1866908]\n- [tools] kselftest: save-and-restore errno to allow for m formatting (Jiri Benc) [1866908]\n- [tools] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 481 (Jiri Benc) [1866908]\n- [tools] selftests/harness: Allow test to configure timeout (Jiri Benc) [1866908]\n- [tools] selftests: avoid KBUILD_OUTPUT dir cluttering with selftest objects (Jiri Benc) [1866908]\n- [tools] selftests: fix bpf build/test workflow regression when KBUILD_OUTPUT is set (Jiri Benc) [1866908]\n- [tools] selftests: fix install target to use default install path (Jiri Benc) [1866908]\n- [tools] selftests: build and run gpio when output directory is the src dir (Jiri Benc) [1866908]\n- [documentation] doc: kselftest: Fix KBUILD_OUTPUT usage instructions (Jiri Benc) [1866908]\n- [tools] selftests: fix headers_install circular dependency (Jiri Benc) [1866908]\n- [tools] selftests/harness: Add 30 second timeout per test (Jiri Benc) [1866908]\n- [tools] kselftest: Add test module framework header (Jiri Benc) [1866908]\n- [tools] kselftest: Add test runner creation script (Jiri Benc) [1866908]\n- [tools] selftests/harness: Update named initializer syntax (Jiri Benc) [1866908]\n- [tools] selftest: include stdio.h in kselftest.h (Jiri Benc) [1866908]\n- [tools] selftests: do not macro-expand failed assertion expressions (Jiri Benc) [1866908]\n- [documentation] Documentation/dev-tools: clean up kselftest.rst (Jiri Benc) [1866908]\n- [documentation] doc: dev-tools: kselftest.rst: update config file location (Jiri Benc) [1866908]\n- [documentation] doc: dev-tools: kselftest.rst: update contributing new tests (Jiri Benc) [1866908]\n[4.18.0-233]\n- [fs] nfs: ensure correct writeback errors are returned on close() (Scott Mayhew) [1849424]\n- [netdrv] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (Dean Nelson) [1824858]\n- [crypto] crypto: ecc - SP800-56A rev 3 local public key validation (Herbert Xu) [1855817]\n- [crypto] crypto: dh - SP800-56A rev 3 local public key validation (Herbert Xu) [1855817]\n- [crypto] crypto: dh - check validity of Z before export (Herbert Xu) [1855817]\n- [lib] lib/mpi: Add mpi_sub_ui() (Herbert Xu) [1855817]\n- [crypto] crypto: ecdh - check validity of Z before export (Herbert Xu) [1855817]\n- [netdrv] net: thunderx: initialize VFs mailbox mutex before first usage (Dean Nelson) [1866827]\n- [kernel] timers: Lower base clock forwarding threshold (Phil Auld) [1833096]\n- [kernel] timers: Remove must_forward_clk (Phil Auld) [1833096]\n- [kernel] timers: Spare timer softirq until next expiry (Phil Auld) [1833096]\n- [kernel] timers: Expand clk forward logic beyond nohz (Phil Auld) [1833096]\n- [kernel] timers: Reuse next expiry cache after nohz exit (Phil Auld) [1833096]\n- [kernel] timers: Always keep track of next expiry (Phil Auld) [1833096]\n- [kernel] timers: Optimize _next_timer_interrupt() level iteration (Phil Auld) [1833096]\n- [kernel] timers: Add comments about calc_index() ceiling work (Phil Auld) [1833096]\n- [kernel] timers: Move trigger_dyntick_cpu() to enqueue_timer() (Phil Auld) [1833096]\n- [kernel] timers: Use only bucket expiry for base->next_expiry value (Phil Auld) [1833096]\n- [kernel] timers: Preserve higher bits of expiration on index calculation (Phil Auld) [1833096]\n- [kernel] timer: Fix wheel index calculation on last level (Phil Auld) [1833096]\n- [kernel] timer: Prevent base->clk from moving backward (Phil Auld) [1833096]\n- [kernel] timer: Read jiffies once when forwarding base clk (Phil Auld) [1833096]\n- [powerpc] powerpc/64: Update Speculation_Store_Bypass in /proc/\n/status (Gustavo Duarte) [1773868]\n- [scsi] scsi: virtio-scsi: Correctly handle the case where all LUNs are unplugged (Maxim Levitsky) [1756093]\n- [kvm] kvm: x86: replace kvm_spec_ctrl_test_value with runtime test on the host (Maxim Levitsky) [1853447]\n- [kvm] x86/kvm: Move context tracking where it belongs (Nitesh Narayan Lal) [1854011]\n- [scsi] scsi: megaraid_sas: Clear affinity hint (Tomas Henzl) [1828351]\n- [netdrv] revert vxlan: fix tos value before xmit (Andrea Claudi) [1862166]\n- [net] udp: Copy has_conns in reuseport_grow(). (Marcelo Leitner) [1867160]\n- [net] dev: Defer free of skbs in flush_backlog (Marcelo Leitner) [1867160]\n- [include] net: core: reduce recursion limit value (Marcelo Leitner) [1867160]\n- [netdrv] pppoe: only process PADT targeted at local interfaces (Andrea Claudi) [1866850]\n- [net] espintcp: count packets dropped in espintcp_rcv (Sabrina Dubroca) [1866393]\n- [net] espintcp: handle short messages instead of breaking the encap socket (Sabrina Dubroca) [1866393]\n- [net] espintcp: recv() should return 0 when the peer socket is closed (Sabrina Dubroca) [1866393]\n- [net] espintcp: support non-blocking sends (Sabrina Dubroca) [1866393]\n- [net] mptcp: be careful on subflow creation (Davide Caratti) [1862200]\n- [net] mptcp: fix bogus sendmsg() return code under pressure (Davide Caratti) [1862200]\n- [net] mptcp: fix joined subflows with unblocking sk (Davide Caratti) [1862200]\n- [net] subflow: explicitly check for plain tcp rsk (Davide Caratti) [1862200]\n- [net] mptcp: silence warning in subflow_data_ready() (Davide Caratti) [1862200]\n- [net] mptcp: fix race in subflow_data_ready() (Davide Caratti) [1862200]\n- [net] mptcp: fix memory leak in mptcp_subflow_create_socket() (Davide Caratti) [1862200]\n- [net] mptcp: dont leak msk in token container (Davide Caratti) [1862200]\n- [net] ipv4: Silence suspicious RCU usage warning (Guillaume Nault) [1866430]\n- [net] devinet: fix memleak in inetdev_init() (Guillaume Nault) [1866430]\n- [net] ipip: fix wrong address family in init error path (Guillaume Nault) [1866430]\n- [net] inet_csk: Fix so_reuseport bind-address cache in tb->fast* (Guillaume Nault) [1866430]\n- [net] ipmr: Add lockdep expression to ipmr_for_each_table macro (Guillaume Nault) [1866430]\n- [net] ipmr: Fix RCU list debugging warning (Guillaume Nault) [1866430]\n- [net] tcp: make sure listeners dont initialize congestion-control state (Paolo Abeni) [1865904]\n- [net] sched: The error lable position is corrected in ct_init_module (Davide Caratti) [1865890]\n- [net] sched: cls_api: fix nooffloaddevcnt warning dmesg log (Davide Caratti) [1865890]\n- [net] tls: fix race condition causing kernel panic (Sabrina Dubroca) [1861756]\n- [net] tls: free record only on encryption error (Sabrina Dubroca) [1861756]\n- [net] tls: fix encryption error checking (Sabrina Dubroca) [1861756]\n- [net] l2tp: add sk_family checks to l2tp_validate_socket (Guillaume Nault) [1861453]\n- [net] l2tp: do not use inet_hash()/inet_unhash() (Guillaume Nault) [1861453]\n- [net] tipc: allow to build NACK message in link timeout function (Xin Long) [1860877]\n- [net] tipc: fix retransmission on unicast links (Xin Long) [1860877]\n- [net] tipc: fix NULL pointer dereference in tipc_disc_rcv() (Xin Long) [1860877]\n- [net] tipc: remove set but not used variable prev (Xin Long) [1860877]\n- [net] tipc: call tsk_set_importance from tipc_topsrv_create_listener (Xin Long) [1860877]\n- [net] tipc: add support for broadcast rcv stats dumping (Xin Long) [1860877]\n- [net] tipc: enable broadcast retrans via unicast (Xin Long) [1860877]\n- [net] tipc: add back link trace events (Xin Long) [1860877]\n- [net] tipc: introduce Gap ACK blocks for broadcast link (Xin Long) [1860877]\n- [net] tipc: block BH before using dst_cache (Xin Long) [1860877]\n- [net] tipc: fix partial topology connection closure (Xin Long) [1860877]\n- [net] xfrm: policy: match with both mark and mask on user interfaces (Xin Long) [1854116]\n- [scsi] scsi: dh: Add Fujitsu device to devinfo and dh lists (Ewan Milne) [1861418]\n- [x86] kvm: Set KVM_SOFT_MAX_VCPUS to 1024 (Eduardo Habkost) [1856996]\n- [md] dm integrity: fix integrity recalculation that is improperly skipped (Mike Snitzer) [1860160]\n- [netdrv] ibmvnic: Fix IRQ mapping disposal in error path (Steve Best) [1867498]\n- [infiniband] IB/hfi1: Do not destroy link_wq when the device is shut down (Kamal Heib) [1858392]\n- [infiniband] IB/hfi1: Do not destroy hfi1_wq when the device is shut down (Kamal Heib) [1858392]\n- [netdrv] Revert net/broadcom: Clean broadcom code from driver versions (Jonathan Toppins) [1867146]\n- [net] devmap: Use bpf_map_area_alloc() for allocating hash buckets (Jiri Benc) [1842380]\n- [kernel] kexec_file: Correctly output debugging information for the PT_LOAD ELF header (Lianbo Jiang) [1861186]\n- [kernel] kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [1861186]\n- [x86] x86/crash: Correct the address boundary of function parameters (Lianbo Jiang) [1861186]\n- [fs] ceph: handle zero-length feature mask in session messages (Jeff Layton) [1866018]\n- [s390] s390/bpf: Tolerate not converging code shrinking (Yauheni Kaliuta) [1857120]\n- [s390] s390/bpf: Use brcl for jumping to exit_ip if necessary (Yauheni Kaliuta) [1857120]\n- [s390] s390/bpf: Fix sign extension in branch_ku (Yauheni Kaliuta) [1857120]\n- [tools] selftests: bpf: test_kmod.sh: Fix running out of srctree (Yauheni Kaliuta) [1857120]\n- [lib] bpf: revert test_bpf: Flag tests that cannot be jited on s390 (Yauheni Kaliuta) [1857120]\n- [kernel] uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned (Oleg Nesterov) [1848596]\n[4.18.0-232]\n- [fs] nfs: nfs_file_write() should check for writeback errors (Scott Mayhew) [1852788]\n- [s390] s390/cpum_cf, perf: change DFLT_CCERROR counter name (Philipp Rudo) [1865794]\n- [net] net/smc: unique reason code for exceeded max dmb count (Philipp Rudo) [1865792]\n- [s390] s390/ism: indicate correct error reason in ism_alloc_dmb() (Philipp Rudo) [1865792]\n- [net] net/smc: fix dmb buffer shortage (Philipp Rudo) [1865792]\n- [net] net/smc: put slot when connection is killed (Philipp Rudo) [1865792]\n- [net] net/smc: fix restoring of fallback changes (Philipp Rudo) [1865792]\n- [net] net/smc: remove freed buffer from list (Philipp Rudo) [1865792]\n- [net] net/smc: do not call dma sync for unmapped memory (Philipp Rudo) [1865792]\n- [net] net/smc: fix handling of delete link requests (Philipp Rudo) [1865792]\n- [net] net/smc: move add link processing for new device into llc layer (Philipp Rudo) [1865792]\n- [net] net/smc: drop out-of-flow llc response messages (Philipp Rudo) [1865792]\n- [net] net/smc: protect smc ib device initialization (Philipp Rudo) [1865792]\n- [net] net/smc: fix link lookup for new rdma connections (Philipp Rudo) [1865792]\n- [net] net/smc: clear link during SMC client link down processing (Philipp Rudo) [1865792]\n- [net] net/smc: handle unexpected response types for confirm link (Philipp Rudo) [1865792]\n- [net] net/smc: switch smcd_dev_list spinlock to mutex (Philipp Rudo) [1865792]\n- [net] net/smc: fix sleep bug in smc_pnet_find_roce_resource() (Philipp Rudo) [1865792]\n- [net] net/smc: fix work request handling (Philipp Rudo) [1865792]\n- [net] net/smc: separate LLC wait queues for flow and messages (Philipp Rudo) [1865792]\n- [net] net/smc: pre-fetch send buffer outside of send_lock (Philipp Rudo) [1865792]\n- [nvme] nvme-fc: set max_segments to lldd max value (Ewan Milne) [1853181]\n- [powerpc] ppc64/kexec_file: enable early kernels OPAL calls (Diego Domingos) [1829715]\n- [powerpc] ppc64/kexec_file: fix kexec load failure with lack of memory hole (Diego Domingos) [1829715]\n- [powerpc] ppc64/kexec_file: add appropriate regions for memory reserve map (Diego Domingos) [1829715]\n- [powerpc] ppc64/kexec_file: prepare elfcore header for crashing kernel (Diego Domingos) [1829715]\n- [powerpc] ppc64/kexec_file: setup backup region for kdump kernel (Diego Domingos) [1829715]\n- [powerpc] ppc64/kexec_file: restrict memory usage of kdump kernel (Diego Domingos) [1829715]\n- [mm] powerpc/drmem: make lmb walk a bit more flexible (Diego Domingos) [1829715]\n- [powerpc] ppc64/kexec_file: avoid stomping memory used by special regions (Diego Domingos) [1829715]\n- [powerpc] powerpc/kexec_file: add helper functions for getting memory ranges (Diego Domingos) [1829715]\n- [powerpc] powerpc/kexec_file: mark PPC64 specific code (Diego Domingos) [1829715]\n- [kernel] kexec_file: allow archs to handle special regions while locating memory hole (Diego Domingos) [1829715]\n- [netdrv] net/mlx5e: CT: Support restore ipv6 tunnel (Alaa Hleihel) [1862975]\n- [netdrv] ionic: unlock queue mutex in error path (Jonathan Toppins) [1854270]\n- [netdrv] ionic: use mutex to protect queue operations (Jonathan Toppins) [1854270]\n- [net] xfrm: esp6: fix the location of the transport header with encapsulation (Sabrina Dubroca) [1857653]\n- [net] ipv4: fill fl4_icmp_{type, code} in ping_v4_sendmsg (Sabrina Dubroca) [1861324]\n- [netdrv] geneve: fix an uninitialized value in geneve_changelink() (Sabrina Dubroca) [1860945]\n- [net] ip_tunnel: fix use-after-free in ip_tunnel_lookup() (Sabrina Dubroca) [1860945]\n- [netdrv] vxlan: Avoid infinite loop when suppressing NS messages with invalid options (Sabrina Dubroca) [1860945]\n- [tools] selftests: mptcp: capture pcap on both sides (Hangbin Liu) [1859880]\n- [tools] selftests/net: report etf errors correctly (Hangbin Liu) [1859880]\n- [tools] selftests: net: ip_defrag: ignore EPERM (Hangbin Liu) [1859880]\n- [tools] selftests: forwarding: pedit_dsfield: Check counter value (Hangbin Liu) [1859880]\n- [tools] selftests: net: tcp_mmap: fix SO_RCVLOWAT setting (Hangbin Liu) [1859880]\n- [tools] selftests: net: tcp_mmap: clear whole tcp_zerocopy_receive struct (Hangbin Liu) [1859880]\n- [tools] selftests: A few improvements to fib_nexthops.sh (Hangbin Liu) [1859880]\n- [tools] selftests: Add tests for vrf and xfrms (Hangbin Liu) [1859880]\n- [tools] selftests: pmtu: implement IPIP, SIT and ip6tnl PMTU discovery tests (Hangbin Liu) [1859880]\n- [tools] selftests/net/forwarding: define libs as TEST_PROGS_EXTENDED (Hangbin Liu) [1859880]\n- [tools] selftests/net/forwarding: add Makefile to install tests (Hangbin Liu) [1859880]\n- [tools] selftests: nft_concat_range: Move option for list ruleset before command (Hangbin Liu) [1859880]\n- [tools] selftests: netfilter: use randomized netns names (Hangbin Liu) [1859880]\n- [tools] kselftests: netfilter: fix leftover net/net-next merge conflict (Hangbin Liu) [1859880]\n- [tools] selftests: netfilter: missing error check when setting up veth interface (Hangbin Liu) [1859880]\n- [net] sctp: Dont advertise IPv4 addresses if ipv6only is set on the socket (Xin Long) [1860673]\n- [net] sctp: check assoc before SCTP_ADDR_{MADE_PRIM, ADDED} event (Xin Long) [1860673]\n- [net] sctp: fix typo sctp_ulpevent_nofity_peer_addr_change (Xin Long) [1860673]\n- [net] sctp: Fix spelling in Kconfig help (Xin Long) [1860673]\n- [net] sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (Xin Long) [1860673]\n- [net] sctp: Dont add the shutdown timer if its already been added (Xin Long) [1860673]\n- [net] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case (Xin Long) [1860673]\n- [net] sctp: Fix bundling of SHUTDOWN with COOKIE-ACK (Xin Long) [1860673]\n- [net] ip6_vti: use IS_REACHABLE to avoid some compile errors (Xin Long) [1840976 1835075]\n- [net] xfrm: interface: use IS_REACHABLE to avoid some compile errors (Xin Long) [1840976 1835075]\n- [net] xfrm: interface: not xfrmi_ipv6/ipip_handler twice (Xin Long) [1840976 1835075]\n- [net] ip6_vti: not register vti_ipv6_handler twice (Xin Long) [1840976 1835075]\n- [net] ip_vti: not register vti_ipip_handler twice (Xin Long) [1840976 1835075]\n- [net] xfrm: interface: support IPIP and IPIP6 tunnels processing with .cb_handler (Xin Long) [1840976 1835075]\n- [net] xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler (Xin Long) [1840976 1835075]\n- [net] ipcomp: assign if_id to child tunnel from parent tunnel (Xin Long) [1840976 1835075]\n- [net] ip6_vti: support IP6IP tunnel processing (Xin Long) [1840976 1835075]\n- [net] ip6_vti: support IP6IP6 tunnel processing with .cb_handler (Xin Long) [1840976 1835075]\n- [net] ip_vti: support IPIP6 tunnel processing (Xin Long) [1840976 1835075]\n- [net] ip_vti: support IPIP tunnel processing with .cb_handler (Xin Long) [1840976 1835075]\n- [net] tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels (Xin Long) [1840976 1835075]\n- [net] tunnel4: add cb_handler to struct xfrm_tunnel (Xin Long) [1840976 1835075]\n- [net] xfrm: add is_ipip to struct xfrm_input_afinfo (Xin Long) [1840976 1835075]\n- [net] tunnel6: support for IPPROTO_MPLS (Xin Long) [1840976 1835075]\n- [net] virtio_vsock: Enhance connection semantics (Stefano Garzarella) [1861735]\n- [net] virtio_vsock: Fix race condition in virtio_transport_recv_pkt (Stefano Garzarella) [1858135]\n- [net] vsock/virtio: annotate the_virtio_vsock RCU pointer (Stefano Garzarella) [1861762]\n- [vhost] vsock/virtio: fix multiple packet delivery to monitoring devices (Stefano Garzarella) [1861762]\n- [vhost] vsock: fix packet delivery order to monitoring devices (Stefano Garzarella) [1861762]\n- [vhost] vsock: accept only packets with the right dst_cid (Stefano Garzarella) [1861762]\n- [vhost] vsock: refuse CID assigned to the guest->host transport (Stefano Garzarella) [1861762]\n- [vhost] vsock: switch to a mutex for vhost_vsock_hash (Stefano Garzarella) [1861762]\n- [net] vsock: fix timeout in vsock_accept() (Stefano Garzarella) [1861762]\n- [net] vsock: Simplify __vsock_release() (Stefano Garzarella) [1861762]\n- [netdrv] net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (Alaa Hleihel) [1859477]\n- [netdrv] net/mlx5e: Modify uplink state on interface up/down (Alaa Hleihel) [1861720 1859477]\n- [netdrv] net/mlx5e: Fix missing cleanup of ethtool steering during rep rx cleanup (Alaa Hleihel) [1859477 1856660]\n- [netdrv] ixgbe: Add ethtool support to enable 2.5 and 5.0 Gbps support (Ken Cox) [1835962]\n- [x86] x86/purgatory: Add -fno-stack-protector (Lianbo Jiang) [1857528]\n- [x86] x86/purgatory: Fail the build if purgatory.ro has missing symbols (Lianbo Jiang) [1857528]\n- [x86] x86/purgatory: Do not use __builtin_memcpy and __builtin_memset (Lianbo Jiang) [1857528]\n- [x86] x86/boot: Provide KASAN compatible aliases for string routines (Lianbo Jiang) [1857528]\n- [x86] x86/purgatory: Disable various profiling and sanitizing options (Lianbo Jiang) [1857528]\n- [x86] x86/boot: Restrict header scope to make Clang happy (Lianbo Jiang) [1857528]\n[4.18.0-231]\n- [x86] x86/entry/64: Update comments and sanity tests for create_gap (Jiri Olsa) [1850831]\n- [x86] x86/alternatives: add missing insn.h include (Jiri Olsa) [1850831]\n- [x86] x86/alternatives: Teach text_poke_bp() to emulate instructions (Jiri Olsa) [1850831]\n- [x86] x86/paravirt: Standardize insn_buff variable names (Jiri Olsa) [1850831]\n- [x86] x86_64: Allow breakpoints to emulate call instructions (Jiri Olsa) [1850831]\n- [x86] x86_64: Add gap to int3 to allow for call emulation (Jiri Olsa) [1850831]\n- [x86] x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (Jiri Olsa) [1850831]\n- [nvme] nvme: add a Identify Namespace Identification Descriptor list quirk (Gopal Tiwari) [1862136]\n- [nvme] nvme: fix identify error status silent ignore (Gopal Tiwari) [1862136]\n- [nvme] nvme: fix possible hang when ns scanning fails during error recovery (Gopal Tiwari) [1862136]\n- [nvme] nvme: refactor nvme_identify_ns_descs error handling (Gopal Tiwari) [1862136]\n- [infiniband] IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (Kamal Heib) [1850314]\n- [powerpc] powerpc/pseries: PCIE PHB reset (Steve Best) [1747345]\n- [drm] drm/nouveau/kms: Handle -EINPROGRESS in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms: Fix runtime PM leak in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms: Invert conditionals in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms: Use pm_runtime_put_autosuspend() in hpd_work (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms/fbcon: Use pm_runtime_put_autosuspend() in suspend work (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms/fbcon: Fix pm_runtime calls in nouveau_fbcon_output_poll_changed() (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms/fbcon: Correct pm_runtime calls in nouveau_fbcon_release() (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms: Fix rpm leak in nouveau_connector_hotplug() (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms: Handle -EINPROGRESS in nouveau_connector_hotplug() (Lyude Paul) [1827812]\n- [drm] drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (Lyude Paul) [1827812]\n- [drm] drm/nouveau/kms/tu102: wait for core update to complete when assigning windows (Lyude Paul) [1827812]\n- [drm] drm/nouveau/disp/gm200-: fix regression from HDA SOR selection changes (Lyude Paul) [1827812]\n- [drm] drm/amd/powerplay: fix a crash when overclocking Vega M (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: fix preemption unit test (Lyude Paul) [1827812]\n- [drm] drm/amdgpu/gfx10: fix race condition for kiq (Lyude Paul) [1827812]\n- [drm] drm/amd/display: add dmcub check on RENOIR (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Check DMCU Exists Before Loading (Lyude Paul) [1827812]\n- [drm] drm/nouveau/nouveau: fix page fault on device private memory (Lyude Paul) [1827812]\n- [drm] drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (Lyude Paul) [1827812]\n- [drm] drm/i915/perf: Use GTT when saving/restoring engine GPR (Lyude Paul) [1827812]\n- [drm] drm/i915/gvt: Fix two CFL MMIO handling caused by regression (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Only swap to a random sibling once upon creation (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Ignore irq enabling on the virtual engines (Lyude Paul) [1827812]\n- [drm] drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2 (Lyude Paul) [1827812]\n- [drm] drm/amdgpu/display: create fake mst encoders ahead of time (v4) (Lyude Paul) [1827812]\n- [drm] drm/amd/display: handle failed allocation during stream construction (Lyude Paul) [1827812]\n- [drm] drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (Lyude Paul) [1827812]\n- [drm] drm/amdgpu/powerplay: Modify SMC message name for setting power profile mode (Lyude Paul) [1827812]\n- [drm] drm/i915: Also drop vm.ref along error paths for vma construction (Lyude Paul) [1827812]\n- [drm] drm/i915: Drop vm.ref for duplicate vma on construction (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: asd function needs to be unloaded in suspend phase (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: add TMR destory function for psp (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: dont do soft recovery if gpu_recovery=0 (Lyude Paul) [1827812]\n- [drm] drm/i915: Skip stale object handle for debugfs per-file-stats (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Pin the rings before marking active (Lyude Paul) [1827812]\n- [drm] drm/radeon: fix double free (Lyude Paul) [1827812]\n- [drm] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (Lyude Paul) [1827812]\n- [drm] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (Lyude Paul) [1827812]\n- [iommu] iommu/vt-d: Dont apply gfx quirks to untrusted devices (Lyude Paul) [1827812]\n- [drm] drm/tegra: hub: Do not enable orphaned window group (Lyude Paul) [1827812]\n- [drm] drm/ttm: Fix dma_fence refcnt leak when adding move fence (Lyude Paul) [1827812]\n- [drm] drm/ttm: Fix dma_fence refcnt leak in ttm_bo_vm_fault_reserved (Lyude Paul) [1827812]\n- [drm] drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: use u rather than d for sclk/mclk (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Only revalidate bandwidth on medium and fast updates (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Mark timeline->cacheline as destroyed after rcu grace period (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Fix ineffective setting of max bpc property (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Fix incorrectly pruned modes with deep color (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: add fw release for sdma v5_0 (Lyude Paul) [1827812]\n- [drm] drm/radeon: fix fb_div check in ni_init_smc_spll_table() (Lyude Paul) [1827812]\n- [drm] drm/amd: fix potential memleak in err branch (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Enable output_bpc property on all outputs (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (Lyude Paul) [1827812]\n- [drm] Revert drm/amd/display: disable dcn20 abm feature for bring up (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Move gen4 GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Move vlv GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Move ilk GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Move snb GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Move ivb GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Move hsw GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812]\n- [drm] drm/i915/gt: Incrementally check for rewinding (Lyude Paul) [1827812]\n- [drm] drm/i915/tc: fix the reset of ln0 (Lyude Paul) [1827812]\n- [drm] drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Use kvfree() to free coeff in build_regamma() (Lyude Paul) [1827812]\n- [drm] drm/amdkfd: Use correct major in devcgroup check (Lyude Paul) [1827812]\n- [drm] drm/connector: notify userspace on hotplug after register complete (Lyude Paul) [1827812]\n- [drm] drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (Lyude Paul) [1827812]\n- [drm] drm/i915/gem: Avoid iterating an empty list (Lyude Paul) [1827812]\n- [drm] drm/i915: Fix AUX power domain toggling across TypeC mode resets (Lyude Paul) [1827812]\n- [drm] drm/dp_mst: Increase ACT retry timeout to 3s (Lyude Paul) [1827812]\n- [drm] drm/ast: Dont check new mode if CRTC is being disabled (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: Replace invalid device ID with a valid device ID (Lyude Paul) [1827812]\n- [drm] drm/amdgpu/display: use blanked rather than plane state for sync groups (Lyude Paul) [1827812]\n- [drm] drm/qxl: Use correct notify port address when creating cursor ring (Lyude Paul) [1827812]\n- [drm] drm/dp_mst: Reformat drm_dp_check_act_status() a bit (Lyude Paul) [1827812]\n- [drm] drm/ast: fix missing break in switch statement for format->cppcase 4 (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Revalidate bandwidth before commiting DC updates (Lyude Paul) [1827812]\n- [drm] drm/nouveau: gr/gk20a: Use firmware version 0 (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: Sync with VM root BO when switching VM to CPU update mode (Lyude Paul) [1827812]\n- [drm] drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Do not disable pipe split if mode is not supported (Lyude Paul) [1827812]\n- [drm] drm/amd/display: dmcu wait loop calculation is incorrect in RV (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Correct updating logic of dcn21s pipe VM flags (Lyude Paul) [1827812]\n- [drm] drm/ast: Allocate initial CRTC state of the correct size (Lyude Paul) [1827812]\n- [drm] drm/hisilicon: Enforce 128-byte stride alignment to fix the hardware limitation (Lyude Paul) [1827812]\n- [drm] drm/dp: Lenovo X13 Yoga OLED panel brightness fix (Lyude Paul) [1827812]\n- [drm] drm/i915/dpcd_bl: Unbreak enable_dpcd_backlight modparam (Lyude Paul) [1827812]\n- [drm] drm/i915: Force DPCD backlight mode for some Dell CML 2020 panels (Lyude Paul) [1827812]\n- [drm] drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED panel (Lyude Paul) [1827812]\n- [drm] drm/dp: Introduce EDID-based quirks (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: Init data to avoid oops while reading pp_num_states (Lyude Paul) [1827812]\n- [drm] drm/amd/display: fix virtual signal dsc setup (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Force watermark value propagation (Lyude Paul) [1827812]\n- [drm] drm: bridge: adv7511: Extend list of audio sample rates (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: fix and cleanup amdgpu_gem_object_close v4 (Lyude Paul) [1827812]\n- [drm] drm/vkms: Hold gem object while still in-use (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Not doing optimize bandwidth if flip pending (Lyude Paul) [1827812]\n- [drm] drm/amd/display: remove invalid dc_is_hw_initialized function (Lyude Paul) [1827812]\n- [drm] drm/amd/display: DP training to set properly SCRAMBLING_DISABLE (Lyude Paul) [1827812]\n- [drm] drm/edid: Add Oculus Rift S to non-desktop list (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Fix potential integer wraparound resulting in a hang (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Added locking for atomic update stream and update planes (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Indicate dsc updates explicitly (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Split program front end part that occur outside lock (Lyude Paul) [1827812]\n- [drm] drm/amd/display: drop cursor position check in atomic test (Lyude Paul) [1827812]\n- [drm] drm/amd/amdgpu: Update update_config() logic (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: Use GEM obj reference for KFD BOs (Lyude Paul) [1827812]\n- [drm] drm/amd/powerplay: perform PG ungate prior to CG ungate (Lyude Paul) [1827812]\n- [drm] drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate (Lyude Paul) [1827812]\n- [drm] drm/i915: Propagate error from completed fences (Lyude Paul) [1827812]\n- [drm] drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (Lyude Paul) [1827812]\n- [drm] drm/amd/display: Prevent dpcd reads with passive dongles (Lyude Paul) [1827812]\n- [drm] drm/amd/display: fix counter in wait_for_no_pipes_pending (Lyude Paul) [1827812]\n- [gpu] vgaarb: Keep adding VGA device in queue (Lyude Paul) [1827812]", "published": "2020-11-10T00:00:00", "modified": "2020-11-10T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, "href": "http://linux.oracle.com/errata/ELSA-2020-4431.html", "reporter": "OracleLinux", "references": [], "cvelist": ["CVE-2019-12614", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10713", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14331", "CVE-2020-14381", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649"], "immutableFields": [], "lastseen": "2021-07-30T06:24:21", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431"]}, {"type": "amazon", "idList": ["ALAS-2020-1338", "ALAS-2020-1360", "ALAS-2020-1366", "ALAS-2020-1377", "ALAS-2020-1382", "ALAS-2020-1401", "ALAS-2020-1430", "ALAS-2020-1437", "ALAS-2020-1446", "ALAS-2020-1462", "ALAS-2021-1461", "ALAS2-2020-1392", "ALAS2-2020-1405", "ALAS2-2020-1431", "ALAS2-2020-1440", "ALAS2-2020-1465", "ALAS2-2020-1480", "ALAS2-2020-1488", "ALAS2-2020-1495", "ALAS2-2020-1566", "ALAS2-2021-1719"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-03-01", "ANDROID:2020-04-01", "ANDROID:2020-06-01", "ANDROID:2020-07-01", "ANDROID:2020-08-01", "ANDROID:2020-12-01", "ANDROID:2021-01-01", "ANDROID:2021-08-01"]}, {"type": "attackerkb", "idList": ["AKB:D179C673-BB99-4F4C-9D19-8FF081A85C1F"]}, {"type": "centos", "idList": ["CESA-2020:3217", "CESA-2020:3220", "CESA-2020:4060", "CESA-2020:5023", "CESA-2020:5437", "CESA-2021:2314", "CESA-2021:2725"]}, {"type": "cert", "idList": ["VU:174059"]}, {"type": "checkpoint_security", "idList": ["CPS:SK168414"]}, {"type": "cisa", "idList": ["CISA:4CA744242533EA980240D07CC5A48867"]}, {"type": "cisco", "idList": ["CISCO-SA-GRUB2-CODE-EXEC-XLEPCAPY"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:27F5DB3AFDCF54F32837F9CE39245DE1", "CFOUNDRY:28D7D983C9283C1F04F738490F4E9234", "CFOUNDRY:2B547AA94018245E71F37CB94BA4EEBC", "CFOUNDRY:3B00E04C67EFB83F5D044A76DD92B52C", "CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:4C29708E9DB1757C4BE1AE571C33062C", "CFOUNDRY:5D359B30C62666D917EB31596D1BFDE4", "CFOUNDRY:7D6795462AFD47DE31FD5B40467B68C4", "CFOUNDRY:873D4C50CDC37566272A2CA3925ADB7A", "CFOUNDRY:8CFF4A0AF748B0C857C01324EB35B6D4", "CFOUNDRY:9BF498B2FAF35AA57F2C51B7E395428D", "CFOUNDRY:A6BB54E614972BC1F16419D7DB82331A", "CFOUNDRY:ABBF4BD74406CA92477E7CFB1AD01190", "CFOUNDRY:C4D1C1686A388941AD439B6E19ADC7F2"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1650576075"]}, {"type": "cve", "idList": ["CVE-2019-12614", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0255", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10713", "CVE-2020-10732", "CVE-2020-10741", "CVE-2020-10751", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14331", "CVE-2020-14381", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2021-3744"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DLA-2068-1:83234", "DEBIAN:DLA-2114-1:93D37", "DEBIAN:DLA-2241-1:DE3AB", "DEBIAN:DLA-2241-2:3E557", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DLA-2323-1:C146F", "DEBIAN:DLA-2385-1:FDE93", "DEBIAN:DLA-2420-1:692E7", "DEBIAN:DLA-2420-2:175D1", "DEBIAN:DLA-2483-1:37DA1", "DEBIAN:DSA-4667-1:62006", "DEBIAN:DSA-4667-1:834A8", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4698-1:E1A7D", "DEBIAN:DSA-4699-1:122C4", "DEBIAN:DSA-4699-1:D5D43", "DEBIAN:DSA-4735-1:A9183"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-12614", "DEBIANCVE:CVE-2019-15917", "DEBIANCVE:CVE-2019-15925", "DEBIANCVE:CVE-2019-16231", "DEBIANCVE:CVE-2019-16233", "DEBIANCVE:CVE-2019-18808", "DEBIANCVE:CVE-2019-18809", "DEBIANCVE:CVE-2019-19046", "DEBIANCVE:CVE-2019-19056", "DEBIANCVE:CVE-2019-19062", "DEBIANCVE:CVE-2019-19063", "DEBIANCVE:CVE-2019-19068", "DEBIANCVE:CVE-2019-19072", "DEBIANCVE:CVE-2019-19319", "DEBIANCVE:CVE-2019-19332", "DEBIANCVE:CVE-2019-19447", "DEBIANCVE:CVE-2019-19524", "DEBIANCVE:CVE-2019-19533", "DEBIANCVE:CVE-2019-19537", "DEBIANCVE:CVE-2019-19543", "DEBIANCVE:CVE-2019-19602", "DEBIANCVE:CVE-2019-19767", "DEBIANCVE:CVE-2019-19770", "DEBIANCVE:CVE-2019-20054", "DEBIANCVE:CVE-2019-20636", "DEBIANCVE:CVE-2019-9455", "DEBIANCVE:CVE-2019-9458", "DEBIANCVE:CVE-2020-0305", "DEBIANCVE:CVE-2020-0444", "DEBIANCVE:CVE-2020-10713", "DEBIANCVE:CVE-2020-10732", "DEBIANCVE:CVE-2020-10751", "DEBIANCVE:CVE-2020-10773", "DEBIANCVE:CVE-2020-10774", "DEBIANCVE:CVE-2020-10942", "DEBIANCVE:CVE-2020-11565", "DEBIANCVE:CVE-2020-11668", "DEBIANCVE:CVE-2020-12465", "DEBIANCVE:CVE-2020-12655", "DEBIANCVE:CVE-2020-12659", "DEBIANCVE:CVE-2020-12770", "DEBIANCVE:CVE-2020-12826", "DEBIANCVE:CVE-2020-14331", "DEBIANCVE:CVE-2020-14381", "DEBIANCVE:CVE-2020-14385", "DEBIANCVE:CVE-2020-14386", "DEBIANCVE:CVE-2020-25641", "DEBIANCVE:CVE-2020-8647", "DEBIANCVE:CVE-2020-8648", "DEBIANCVE:CVE-2020-8649", "DEBIANCVE:CVE-2021-3744"]}, {"type": "f5", "idList": ["F5:K03310902", "F5:K10429441", "F5:K14981751", "F5:K18129121", "F5:K20378113", "F5:K21458044", "F5:K30046854", "F5:K32196386", "F5:K33535454", "F5:K40752270", "F5:K42232641", "F5:K42438635", "F5:K45501314", "F5:K46444421", "F5:K52325031", "F5:K53634325", "F5:K54337315", "F5:K55545288", "F5:K58022757", "F5:K58523450", "F5:K58541692", "F5:K60001344", "F5:K84797753", "F5:K84900646"]}, {"type": "fedora", "idList": ["FEDORA:03DA06180ED3", "FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:055473124314", "FEDORA:07B5A6CB4421", "FEDORA:14FCA30C8E50", "FEDORA:15484608781D", "FEDORA:1BCA130BE0CB", "FEDORA:1BD5B6389B47", "FEDORA:1FF6B30C5606", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:2836F613193B", "FEDORA:344346042F3E", "FEDORA:34B1E30BD736", "FEDORA:371E06040B12", "FEDORA:38E6C304E78C", "FEDORA:3917560460DA", "FEDORA:3A3766C5B5A2", "FEDORA:3A69E60B3E88", "FEDORA:4002B609954A", "FEDORA:4CEF5610D7CA", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:51B856067EB8", "FEDORA:574BC3099D0A", "FEDORA:59E3F606D998", "FEDORA:5A4D662AE22C", "FEDORA:5BC786077CC2", "FEDORA:628EB603ECD0", "FEDORA:62D0460BC99C", "FEDORA:6B92130C7DAE", "FEDORA:6E67663233DB", "FEDORA:754F860A98ED", "FEDORA:803AE30C6416", "FEDORA:84FBF6179A05", "FEDORA:8FEA960A4096", "FEDORA:94BC060A4ECF", "FEDORA:9801060D30FA", "FEDORA:98E8F6079A11", "FEDORA:AAD0A60B6998", "FEDORA:AFCD261367A6", "FEDORA:B6D9530BD736", "FEDORA:BF5EC607125E", "FEDORA:C1EA6603ECEC", "FEDORA:C4D496071279", "FEDORA:C63656040AE1", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:D3523607924A", "FEDORA:E40BC3052A43", "FEDORA:EC9F26076D31"]}, {"type": "gentoo", "idList": ["GLSA-202104-05"]}, {"type": "githubexploit", "idList": ["A10132DA-F650-5163-A3F9-DBE973D0187D", "F96E9425-1BDA-5323-839C-263FF8413976"]}, {"type": "hp", "idList": ["HP:C06707446"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200923-01-GRUB2"]}, {"type": "ibm", "idList": ["1879325E67264056B58E8AD7F16855960BE3D80A459CF04AA2C576744065C438", "1B4C690B7DA33A4807087B34223ECB27C2AA91A91D536267A98B4BCEEB54A441", "1FDB55812AD3D9AB018A402C76AD1A7D7977943CA45EE64E54E9B459FD5AD0BA", "36F5A24A0FE05876D471A20F32BE0669E453AF841B04CDD94792F8F80EF7F4D4", "5C971ABE298E715E4DD664F197820425272400B40C52EF433CFD40BAFACB63C8", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "6A87B9F11547CBB5AC4F1FE177841B2F643EC4AD8D24A2DD05457A4859C2A497", "76523CA6ED9F13FF53F8FE827130B4B536110FD08A6CE82CEB4E3150DA65DF24", "7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4", "89705B406BC34CFDE34239974351BBFD8507A55179356911F33A32F43F42DBB9", "8B24753FF8758BF51E7C6001AC39E0EF90B14323A9756CCEF8AC68E99EF03367", "8FB323EC50EB5CCD3380176BF2571DDA8C7739DBF4BC558C9B57458B912FEEF7", "93800CB903FCF930D2442012C501177682436E51AEBEA85D7632953A9A31B533", "B208854B100603393ABFE63FA8975A55F6379CCD86BE9A76E5EA76BC92BEB365", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB", "B68653AE8B3B701FAB183C54D344C9C2EE03602A2C7365EC7CF172320BA1AA2E", "B89616326F2ACA4483A6FD1036A987B8D2828930F6AC900D37AB085C7941179D", "CC7C59C447672FD38F401C113CC2FB566A4A8ECC5BA33F3AD6C4A2198333F41B", "CDF395DCA76931626CDB7CC71C6A81A725FA69D7DD15259B58CC23FBAAF0244D", "D860B85F49895E0D8CF0AC6A066F6902558B044E03F0320678E24399C41C6135", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C"]}, {"type": "ics", "idList": ["ICSA-21-336-06"]}, {"type": "kitploit", "idList": ["KITPLOIT:8656177976839178440"]}, {"type": "lenovo", "idList": ["LENOVO:PS500336-GRUB2-VULNERABILITY-AKA-BOOT-HOLE-NOSID", "LENOVO:PS500336-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2019-0388", "MGASA-2020-0089", "MGASA-2020-0140", "MGASA-2020-0158", "MGASA-2020-0183", "MGASA-2020-0184", "MGASA-2020-0201", "MGASA-2020-0227", "MGASA-2020-0228", "MGASA-2020-0333", "MGASA-2020-0392", "MGASA-2021-0315"]}, {"type": "mscve", "idList": ["MS:ADV200011"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1392.NASL", "AL2_ALAS-2020-1405.NASL", "AL2_ALAS-2020-1431.NASL", "AL2_ALAS-2020-1440.NASL", "AL2_ALAS-2020-1465.NASL", "AL2_ALAS-2020-1480.NASL", "AL2_ALAS-2020-1488.NASL", "AL2_ALAS-2020-1495.NASL", "AL2_ALAS-2020-1566.NASL", "AL2_ALAS-2021-1719.NASL", "AL2_ALASKERNEL-5_10-2022-007.NASL", "AL2_ALASKERNEL-5_4-2022-009.NASL", "AL2_ALASKERNEL-5_4-2022-012.NASL", "AL2_ALASKERNEL-5_4-2022-014.NASL", "AL2_ALASKERNEL-5_4-2022-015.NASL", "AL2_ALASKERNEL-5_4-2022-016.NASL", "AL2_ALASKERNEL-5_4-2022-027.NASL", "AL2_ALASKERNEL-5_4-2022-029.NASL", "AL2_ALASKERNEL-5_4-2022-031.NASL", "ALA_ALAS-2020-1338.NASL", "ALA_ALAS-2020-1360.NASL", "ALA_ALAS-2020-1366.NASL", "ALA_ALAS-2020-1377.NASL", "ALA_ALAS-2020-1382.NASL", "ALA_ALAS-2020-1401.NASL", "ALA_ALAS-2020-1430.NASL", "ALA_ALAS-2020-1437.NASL", "ALA_ALAS-2020-1446.NASL", "ALA_ALAS-2020-1462.NASL", "ALA_ALAS-2021-1461.NASL", "ALMA_LINUX_ALSA-2020-4431.NASL", "ALMA_LINUX_ALSA-2022-1988.NASL", "CENTOS8_RHSA-2020-3216.NASL", "CENTOS8_RHSA-2020-4286.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS_RHSA-2020-3217.NASL", "CENTOS_RHSA-2020-4060.NASL", "CENTOS_RHSA-2020-5023.NASL", "CENTOS_RHSA-2020-5437.NASL", "CENTOS_RHSA-2021-2314.NASL", "CENTOS_RHSA-2021-2725.NASL", "DEBIAN_DLA-1930.NASL", "DEBIAN_DLA-2068.NASL", "DEBIAN_DLA-2114.NASL", "DEBIAN_DLA-2241.NASL", "DEBIAN_DLA-2242.NASL", "DEBIAN_DLA-2323.NASL", "DEBIAN_DLA-2385.NASL", "DEBIAN_DLA-2420.NASL", "DEBIAN_DLA-2483.NASL", "DEBIAN_DSA-4667.NASL", "DEBIAN_DSA-4698.NASL", "DEBIAN_DSA-4699.NASL", "DEBIAN_DSA-4735.NASL", "DEBIAN_DSA-5096.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1972.NASL", "EULEROS_SA-2019-2106.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1158.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1269.NASL", "EULEROS_SA-2020-1292.NASL", "EULEROS_SA-2020-1308.NASL", "EULEROS_SA-2020-1342.NASL", "EULEROS_SA-2020-1368.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2020-1508.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1592.NASL", "EULEROS_SA-2020-1606.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1698.NASL", "EULEROS_SA-2020-1713.NASL", "EULEROS_SA-2020-1807.NASL", "EULEROS_SA-2020-1832.NASL", "EULEROS_SA-2020-1833.NASL", "EULEROS_SA-2020-1834.NASL", "EULEROS_SA-2020-1891.NASL", "EULEROS_SA-2020-1892.NASL", "EULEROS_SA-2020-1920.NASL", "EULEROS_SA-2020-1946.NASL", "EULEROS_SA-2020-1958.NASL", "EULEROS_SA-2020-1965.NASL", "EULEROS_SA-2020-2011.NASL", "EULEROS_SA-2020-2150.NASL", "EULEROS_SA-2020-2151.NASL", "EULEROS_SA-2020-2166.NASL", "EULEROS_SA-2020-2176.NASL", "EULEROS_SA-2020-2184.NASL", "EULEROS_SA-2020-2222.NASL", "EULEROS_SA-2020-2303.NASL", "EULEROS_SA-2020-2311.NASL", "EULEROS_SA-2020-2353.NASL", "EULEROS_SA-2020-2411.NASL", "EULEROS_SA-2020-2429.NASL", "EULEROS_SA-2020-2443.NASL", "EULEROS_SA-2020-2462.NASL", "EULEROS_SA-2020-2549.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1200.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1386.NASL", "EULEROS_SA-2021-1454.NASL", "EULEROS_SA-2021-1601.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-1642.NASL", "EULEROS_SA-2021-1808.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2021-2140.NASL", "EULEROS_SA-2021-2502.NASL", "EULEROS_SA-2022-1376.NASL", "EULEROS_SA-2022-1402.NASL", "F5_BIGIP_SOL84900646.NASL", "FEDORA_2019-021C968423.NASL", "FEDORA_2019-124A241044.NASL", "FEDORA_2019-34A75D7E61.NASL", "FEDORA_2019-39E97683E8.NASL", "FEDORA_2019-83858FC57B.NASL", "FEDORA_2019-B86A7BDBA0.NASL", "FEDORA_2019-C03EDA3CC6.NASL", "FEDORA_2020-5A69DECC0C.NASL", "FEDORA_2020-708B23F2CE.NASL", "FEDORA_2020-B858B48B23.NASL", "FEDORA_2020-C6B9FFF7F8.NASL", "FEDORA_2021-79CBBEFEBE.NASL", "GENTOO_GLSA-202104-05.NASL", "NEWSTART_CGSL_NS-SA-2021-0007_FWUPDATE.NASL", "NEWSTART_CGSL_NS-SA-2021-0008_GRUB2.NASL", "NEWSTART_CGSL_NS-SA-2021-0009_SHIM.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0051_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0126_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0136_FWUPDATE.NASL", "NEWSTART_CGSL_NS-SA-2021-0139_GRUB2.NASL", "NEWSTART_CGSL_NS-SA-2021-0141_SHIM.NASL", "NEWSTART_CGSL_NS-SA-2021-0169_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0014_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0017_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0040_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0073_KERNEL.NASL", "OPENSUSE-2019-1716.NASL", "OPENSUSE-2019-1757.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2444.NASL", "OPENSUSE-2019-2503.NASL", "OPENSUSE-2019-2507.NASL", "OPENSUSE-2019-2675.NASL", "OPENSUSE-2020-1153.NASL", "OPENSUSE-2020-1168.NASL", "OPENSUSE-2020-1169.NASL", "OPENSUSE-2020-1236.NASL", "OPENSUSE-2020-1325.NASL", "OPENSUSE-2020-1379.NASL", "OPENSUSE-2020-1382.NASL", "OPENSUSE-2020-1586.NASL", "OPENSUSE-2020-1655.NASL", "OPENSUSE-2020-1698.NASL", "OPENSUSE-2020-2112.NASL", "OPENSUSE-2020-336.NASL", "OPENSUSE-2020-388.NASL", "OPENSUSE-2020-543.NASL", "OPENSUSE-2020-801.NASL", "OPENSUSE-2020-935.NASL", "OPENSUSE-2021-1357.NASL", "OPENSUSE-2021-1365.NASL", "OPENSUSE-2021-242.NASL", "OPENSUSE-2021-3179.NASL", "OPENSUSE-2021-3205.NASL", "OPENSUSE-2021-3338.NASL", "OPENSUSE-2021-3387.NASL", "OPENSUSE-2021-3447.NASL", "OPENSUSE-2021-3876.NASL", "OPENSUSE-2021-60.NASL", "OPENSUSE-2021-75.NASL", "ORACLELINUX_ELSA-2020-4286.NASL", "ORACLELINUX_ELSA-2020-5023.NASL", "ORACLELINUX_ELSA-2020-5437.NASL", "ORACLELINUX_ELSA-2020-5508.NASL", "ORACLELINUX_ELSA-2020-5526.NASL", "ORACLELINUX_ELSA-2020-5528.NASL", "ORACLELINUX_ELSA-2020-5533.NASL", "ORACLELINUX_ELSA-2020-5535.NASL", "ORACLELINUX_ELSA-2020-5642.NASL", "ORACLELINUX_ELSA-2020-5649.NASL", "ORACLELINUX_ELSA-2020-5663.NASL", "ORACLELINUX_ELSA-2020-5670.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLELINUX_ELSA-2020-5691.NASL", "ORACLELINUX_ELSA-2020-5706.NASL", "ORACLELINUX_ELSA-2020-5708.NASL", "ORACLELINUX_ELSA-2020-5710.NASL", "ORACLELINUX_ELSA-2020-5714.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5750.NASL", "ORACLELINUX_ELSA-2020-5754.NASL", "ORACLELINUX_ELSA-2020-5755.NASL", "ORACLELINUX_ELSA-2020-5756.NASL", "ORACLELINUX_ELSA-2020-5782.NASL", "ORACLELINUX_ELSA-2020-5786.NASL", "ORACLELINUX_ELSA-2020-5802.NASL", "ORACLELINUX_ELSA-2020-5804.NASL", "ORACLELINUX_ELSA-2020-5805.NASL", "ORACLELINUX_ELSA-2020-5837.NASL", "ORACLELINUX_ELSA-2020-5841.NASL", "ORACLELINUX_ELSA-2020-5844.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5848.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5878.NASL", "ORACLELINUX_ELSA-2020-5879.NASL", "ORACLELINUX_ELSA-2020-5884.NASL", "ORACLELINUX_ELSA-2020-5885.NASL", "ORACLELINUX_ELSA-2021-2314.NASL", "ORACLELINUX_ELSA-2021-2725.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLELINUX_ELSA-2021-9006.NASL", "ORACLELINUX_ELSA-2021-9007.NASL", "ORACLELINUX_ELSA-2021-9164.NASL", "ORACLELINUX_ELSA-2021-9442.NASL", "ORACLELINUX_ELSA-2021-9473.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2020-0020.NASL", "ORACLEVM_OVMSA-2020-0028.NASL", "ORACLEVM_OVMSA-2020-0041.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "ORACLEVM_OVMSA-2021-0030.NASL", "ORACLEVM_OVMSA-2021-0035.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0046_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0279_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0290_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0292_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0297_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0303_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0310_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0311_GRUB2.NASL", "PHOTONOS_PHSA-2020-1_0-0323_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0212_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0230_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0239_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0246_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0266_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0267_GRUB2.NASL", "PHOTONOS_PHSA-2020-2_0-0282_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0052_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0069_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0073_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0082_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0100_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0119_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0140_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0177_LINUX.NASL", "REDHAT-RHSA-2020-1493.NASL", "REDHAT-RHSA-2020-2104.NASL", "REDHAT-RHSA-2020-2854.NASL", "REDHAT-RHSA-2020-3216.NASL", "REDHAT-RHSA-2020-3217.NASL", "REDHAT-RHSA-2020-3223.NASL", "REDHAT-RHSA-2020-3227.NASL", "REDHAT-RHSA-2020-3271.NASL", "REDHAT-RHSA-2020-3273.NASL", "REDHAT-RHSA-2020-3274.NASL", "REDHAT-RHSA-2020-3275.NASL", "REDHAT-RHSA-2020-3276.NASL", "REDHAT-RHSA-2020-3545.NASL", "REDHAT-RHSA-2020-4060.NASL", "REDHAT-RHSA-2020-4062.NASL", "REDHAT-RHSA-2020-4115.NASL", "REDHAT-RHSA-2020-4172.NASL", "REDHAT-RHSA-2020-4286.NASL", "REDHAT-RHSA-2020-4287.NASL", "REDHAT-RHSA-2020-4289.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2020-5023.NASL", "REDHAT-RHSA-2020-5026.NASL", "REDHAT-RHSA-2020-5079.NASL", "REDHAT-RHSA-2020-5199.NASL", "REDHAT-RHSA-2020-5206.NASL", "REDHAT-RHSA-2020-5374.NASL", "REDHAT-RHSA-2020-5430.NASL", "REDHAT-RHSA-2020-5437.NASL", "REDHAT-RHSA-2020-5441.NASL", "REDHAT-RHSA-2020-5656.NASL", "REDHAT-RHSA-2021-0019.NASL", "REDHAT-RHSA-2021-0073.NASL", "REDHAT-RHSA-2021-0136.NASL", "REDHAT-RHSA-2021-0686.NASL", "REDHAT-RHSA-2021-0689.NASL", "REDHAT-RHSA-2021-0763.NASL", "REDHAT-RHSA-2021-0765.NASL", "REDHAT-RHSA-2021-0774.NASL", "REDHAT-RHSA-2021-2314.NASL", "REDHAT-RHSA-2021-2316.NASL", "REDHAT-RHSA-2021-2725.NASL", "REDHAT-RHSA-2021-2726.NASL", "REDHAT-RHSA-2021-3320.NASL", "REDHAT-RHSA-2021-3522.NASL", "REDHAT-RHSA-2022-1209.NASL", "REDHAT-RHSA-2022-1213.NASL", "SLACKWARE_SSA_2020-008-01.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "SLACKWARE_SSA_2020-163-01.NASL", "SLACKWARE_SSA_2020-295-01.NASL", "SL_20201001_KERNEL_ON_SL7_X.NASL", "SL_20201110_KERNEL_ON_SL7_X.NASL", "SL_20201215_KERNEL_ON_SL7_X.NASL", "SL_20210609_KERNEL_ON_SL7_X.NASL", "SL_20210721_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-14127-1.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-1744-1.NASL", "SUSE_SU-2019-1823-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1852-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-1870-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2946-1.NASL", "SUSE_SU-2019-2947-1.NASL", "SUSE_SU-2019-2948-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2953-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3233-1.NASL", "SUSE_SU-2019-3237-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2019-3371-1.NASL", "SUSE_SU-2019-3379-1.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2019-3389-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0558-1.NASL", "SUSE_SU-2020-0559-1.NASL", "SUSE_SU-2020-0560-1.NASL", "SUSE_SU-2020-0580-1.NASL", "SUSE_SU-2020-0584-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2020-0688-1.NASL", "SUSE_SU-2020-0836-1.NASL", "SUSE_SU-2020-1118-1.NASL", "SUSE_SU-2020-1119-1.NASL", "SUSE_SU-2020-1123-1.NASL", "SUSE_SU-2020-1141-1.NASL", "SUSE_SU-2020-1142-1.NASL", "SUSE_SU-2020-1146-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-1275-1.NASL", "SUSE_SU-2020-14354-1.NASL", "SUSE_SU-2020-14440-1.NASL", "SUSE_SU-2020-14442-1.NASL", "SUSE_SU-2020-14490-1.NASL", "SUSE_SU-2020-1587-1.NASL", "SUSE_SU-2020-1599-1.NASL", "SUSE_SU-2020-1602-1.NASL", "SUSE_SU-2020-1603-1.NASL", "SUSE_SU-2020-1605-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-2073-1.NASL", "SUSE_SU-2020-2074-1.NASL", "SUSE_SU-2020-2076-1.NASL", "SUSE_SU-2020-2077-1.NASL", "SUSE_SU-2020-2078-1.NASL", "SUSE_SU-2020-2079-1.NASL", "SUSE_SU-2020-2105-1.NASL", "SUSE_SU-2020-2106-1.NASL", "SUSE_SU-2020-2107-1.NASL", "SUSE_SU-2020-2119-1.NASL", "SUSE_SU-2020-2121-1.NASL", "SUSE_SU-2020-2122-1.NASL", "SUSE_SU-2020-2134-1.NASL", "SUSE_SU-2020-2152-1.NASL", "SUSE_SU-2020-2486-1.NASL", "SUSE_SU-2020-2487-1.NASL", "SUSE_SU-2020-2491-1.NASL", "SUSE_SU-2020-2492-1.NASL", "SUSE_SU-2020-2497-1.NASL", "SUSE_SU-2020-2498-1.NASL", "SUSE_SU-2020-2499-1.NASL", "SUSE_SU-2020-2502-1.NASL", "SUSE_SU-2020-2540-1.NASL", "SUSE_SU-2020-2574-1.NASL", "SUSE_SU-2020-2575-1.NASL", "SUSE_SU-2020-2576-1.NASL", "SUSE_SU-2020-2577-1.NASL", "SUSE_SU-2020-2578-1.NASL", "SUSE_SU-2020-2582-1.NASL", "SUSE_SU-2020-2610-1.NASL", "SUSE_SU-2020-2623-1.NASL", "SUSE_SU-2020-2627-1.NASL", "SUSE_SU-2020-2628-1.NASL", "SUSE_SU-2020-2629-1.NASL", "SUSE_SU-2020-2631-1.NASL", "SUSE_SU-2020-2879-1.NASL", "SUSE_SU-2020-2904-1.NASL", "SUSE_SU-2020-2905-1.NASL", "SUSE_SU-2020-2907-1.NASL", "SUSE_SU-2020-2980-1.NASL", "SUSE_SU-2020-3014-1.NASL", "SUSE_SU-2020-3219-1.NASL", "SUSE_SU-2020-3225-1.NASL", "SUSE_SU-2020-3230-1.NASL", "SUSE_SU-2020-3501-1.NASL", "SUSE_SU-2020-3503-1.NASL", "SUSE_SU-2020-3532-1.NASL", "SUSE_SU-2020-3544-1.NASL", "SUSE_SU-2020-3648-1.NASL", "SUSE_SU-2020-3656-1.NASL", "SUSE_SU-2021-0095-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0108-1.NASL", "SUSE_SU-2021-0117-1.NASL", "SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-14630-1.NASL", "SUSE_SU-2021-3179-1.NASL", "SUSE_SU-2021-3205-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3217-1.NASL", "SUSE_SU-2021-3337-1.NASL", "SUSE_SU-2021-3338-1.NASL", "SUSE_SU-2021-3339-1.NASL", "SUSE_SU-2021-3386-1.NASL", "SUSE_SU-2021-3387-1.NASL", "SUSE_SU-2021-3388-1.NASL", "SUSE_SU-2021-3389-1.NASL", "SUSE_SU-2021-3415-1.NASL", "SUSE_SU-2021-3447-1.NASL", "SUSE_SU-2021-3876-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "SUSE_SU-2021-3969-1.NASL", "SUSE_SU-2021-3972-1.NASL", "SUSE_SU-2022-14905-1.NASL", "UBUNTU_USN-4093-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4095-1.NASL", "UBUNTU_USN-4147-1.NASL", "UBUNTU_USN-4225-1.NASL", "UBUNTU_USN-4225-2.NASL", "UBUNTU_USN-4226-1.NASL", "UBUNTU_USN-4227-1.NASL", "UBUNTU_USN-4228-1.NASL", "UBUNTU_USN-4254-1.NASL", "UBUNTU_USN-4258-1.NASL", "UBUNTU_USN-4284-1.NASL", "UBUNTU_USN-4285-1.NASL", "UBUNTU_USN-4286-1.NASL", "UBUNTU_USN-4287-1.NASL", "UBUNTU_USN-4300-1.NASL", "UBUNTU_USN-4301-1.NASL", "UBUNTU_USN-4302-1.NASL", "UBUNTU_USN-4319-1.NASL", "UBUNTU_USN-4325-1.NASL", "UBUNTU_USN-4342-1.NASL", "UBUNTU_USN-4344-1.NASL", "UBUNTU_USN-4345-1.NASL", "UBUNTU_USN-4346-1.NASL", "UBUNTU_USN-4363-1.NASL", "UBUNTU_USN-4364-1.NASL", "UBUNTU_USN-4367-1.NASL", "UBUNTU_USN-4367-2.NASL", "UBUNTU_USN-4368-1.NASL", "UBUNTU_USN-4369-1.NASL", "UBUNTU_USN-4369-2.NASL", "UBUNTU_USN-4387-1.NASL", "UBUNTU_USN-4388-1.NASL", "UBUNTU_USN-4389-1.NASL", "UBUNTU_USN-4390-1.NASL", "UBUNTU_USN-4391-1.NASL", "UBUNTU_USN-4411-1.NASL", "UBUNTU_USN-4412-1.NASL", "UBUNTU_USN-4413-1.NASL", "UBUNTU_USN-4414-1.NASL", "UBUNTU_USN-4419-1.NASL", "UBUNTU_USN-4427-1.NASL", "UBUNTU_USN-4432-1.NASL", "UBUNTU_USN-4432-2.NASL", "UBUNTU_USN-4439-1.NASL", "UBUNTU_USN-4440-1.NASL", "UBUNTU_USN-4465-1.NASL", "UBUNTU_USN-4483-1.NASL", "UBUNTU_USN-4485-1.NASL", "UBUNTU_USN-4489-1.NASL", "UBUNTU_USN-4525-1.NASL", "UBUNTU_USN-4526-1.NASL", "UBUNTU_USN-4576-1.NASL", "UBUNTU_USN-4660-1.NASL", "UBUNTU_USN-4680-1.NASL", "UBUNTU_USN-4752-1.NASL", "UBUNTU_USN-4904-1.NASL", "UBUNTU_USN-5140-1.NASL", "UBUNTU_USN-5161-1.NASL", "UBUNTU_USN-5162-1.NASL", "UBUNTU_USN-5163-1.NASL", "UBUNTU_USN-5164-1.NASL", "UBUNTU_USN-5343-1.NASL", "VIRTUOZZO_VZA-2020-037.NASL", "WINDOWS_UEFI_BOOTHOLE.NBIN"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704667", "OPENVAS:1361412562310704698", "OPENVAS:1361412562310704699", "OPENVAS:1361412562310844131", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310844281", "OPENVAS:1361412562310844282", "OPENVAS:1361412562310844283", "OPENVAS:1361412562310844284", "OPENVAS:1361412562310844298", "OPENVAS:1361412562310844314", "OPENVAS:1361412562310844316", "OPENVAS:1361412562310844341", "OPENVAS:1361412562310844342", "OPENVAS:1361412562310844343", "OPENVAS:1361412562310844347", "OPENVAS:1361412562310844362", "OPENVAS:1361412562310844364", "OPENVAS:1361412562310844365", "OPENVAS:1361412562310844384", "OPENVAS:1361412562310844387", "OPENVAS:1361412562310844406", "OPENVAS:1361412562310844409", "OPENVAS:1361412562310844410", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310844433", "OPENVAS:1361412562310844434", "OPENVAS:1361412562310844438", "OPENVAS:1361412562310844439", "OPENVAS:1361412562310844443", "OPENVAS:1361412562310844448", "OPENVAS:1361412562310844451", "OPENVAS:1361412562310844461", "OPENVAS:1361412562310844462", "OPENVAS:1361412562310844464", "OPENVAS:1361412562310844465", "OPENVAS:1361412562310844466", "OPENVAS:1361412562310844482", "OPENVAS:1361412562310844483", "OPENVAS:1361412562310844484", "OPENVAS:1361412562310844485", "OPENVAS:1361412562310844496", "OPENVAS:1361412562310852611", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852772", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852891", "OPENVAS:1361412562310852917", "OPENVAS:1361412562310852953", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310853070", "OPENVAS:1361412562310853084", "OPENVAS:1361412562310853121", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310853260", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876484", "OPENVAS:1361412562310876488", "OPENVAS:1361412562310876489", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876515", "OPENVAS:1361412562310876543", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876611", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876638", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310876999", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877113", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877209", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877479", "OPENVAS:1361412562310877533", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310877541", "OPENVAS:1361412562310877834", "OPENVAS:1361412562310877859", "OPENVAS:1361412562310877862", "OPENVAS:1361412562310877884", "OPENVAS:1361412562310877952", "OPENVAS:1361412562310877977", "OPENVAS:1361412562310891930", "OPENVAS:1361412562310892068", "OPENVAS:1361412562310892114", "OPENVAS:1361412562310892241", "OPENVAS:1361412562310892242", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191972", "OPENVAS:1361412562311220192106", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192283", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201112", "OPENVAS:1361412562311220201158", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201269", "OPENVAS:1361412562311220201292", "OPENVAS:1361412562311220201308", "OPENVAS:1361412562311220201342", "OPENVAS:1361412562311220201368", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201452", "OPENVAS:1361412562311220201508", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201592", "OPENVAS:1361412562311220201606", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562311220201698", "OPENVAS:1361412562311220201713"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3218", "ELSA-2020-3220", "ELSA-2020-4060", "ELSA-2020-4286", "ELSA-2020-4436", "ELSA-2020-5023", "ELSA-2020-5437", "ELSA-2020-5508", "ELSA-2020-5526", "ELSA-2020-5528", "ELSA-2020-5533", "ELSA-2020-5535", "ELSA-2020-5642", "ELSA-2020-5649", "ELSA-2020-5663", "ELSA-2020-5670", "ELSA-2020-5676", "ELSA-2020-5691", "ELSA-2020-5706", "ELSA-2020-5708", "ELSA-2020-5710", "ELSA-2020-5714", "ELSA-2020-5715", "ELSA-2020-5750", "ELSA-2020-5753", "ELSA-2020-5754", "ELSA-2020-5755", "ELSA-2020-5756", "ELSA-2020-5782", "ELSA-2020-5786", "ELSA-2020-5790", "ELSA-2020-5802", "ELSA-2020-5804", "ELSA-2020-5805", "ELSA-2020-5837", "ELSA-2020-5841", "ELSA-2020-5844", "ELSA-2020-5845", "ELSA-2020-5848", "ELSA-2020-5866", "ELSA-2020-5878", "ELSA-2020-5879", "ELSA-2020-5884", "ELSA-2020-5885", "ELSA-2020-5913", "ELSA-2020-5914", "ELSA-2020-5923", "ELSA-2020-5924", "ELSA-2021-2314", "ELSA-2021-2725", "ELSA-2021-9002", "ELSA-2021-9006", "ELSA-2021-9007", "ELSA-2021-9052", "ELSA-2021-9140", "ELSA-2021-9164", "ELSA-2021-9442", "ELSA-2021-9473"]}, {"type": "osv", "idList": ["OSV:ASB-A-150693166", "OSV:ASB-A-153715664", "OSV:ASB-A-170658976", "OSV:ASB-A-175193031", "OSV:DLA-1930-1", "OSV:DLA-2068-1", "OSV:DLA-2114-1", "OSV:DLA-2241-1", "OSV:DLA-2242-1", "OSV:DLA-2323-1", "OSV:DLA-2385-1", "OSV:DLA-2420-1", "OSV:DLA-2483-1", "OSV:DSA-4667-1", "OSV:DSA-4698-1", "OSV:DSA-4699-1", "OSV:DSA-4735-1", "OSV:DSA-4735-2"]}, {"type": "photon", "idList": ["PHSA-2019-0009", "PHSA-2019-0015", "PHSA-2019-0026", "PHSA-2019-0034", "PHSA-2019-0046", "PHSA-2019-0151", "PHSA-2019-0194", "PHSA-2019-0236", "PHSA-2019-1.0-0236", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0046", "PHSA-2020-0052", "PHSA-2020-0069", "PHSA-2020-0073", "PHSA-2020-0082", "PHSA-2020-0100", "PHSA-2020-0119", "PHSA-2020-0120", "PHSA-2020-0140", "PHSA-2020-0142", "PHSA-2020-0153", "PHSA-2020-0174", "PHSA-2020-0177", "PHSA-2020-0212", "PHSA-2020-0219", "PHSA-2020-0221", "PHSA-2020-0230", "PHSA-2020-0237", "PHSA-2020-0239", "PHSA-2020-0246", "PHSA-2020-0254", "PHSA-2020-0266", "PHSA-2020-0267", "PHSA-2020-0274", "PHSA-2020-0282", "PHSA-2020-0287", "PHSA-2020-0288", "PHSA-2020-0290", "PHSA-2020-0292", "PHSA-2020-0310", "PHSA-2020-0311", "PHSA-2020-0323", "PHSA-2020-1.0-0274", "PHSA-2020-1.0-0279", "PHSA-2020-1.0-0287", "PHSA-2020-1.0-0290", "PHSA-2020-1.0-0292", "PHSA-2020-1.0-0297", "PHSA-2020-1.0-0303", "PHSA-2020-1.0-0310", "PHSA-2020-1.0-0311", "PHSA-2020-1.0-0323", "PHSA-2020-2.0-0212", "PHSA-2020-2.0-0230", "PHSA-2020-2.0-0239", "PHSA-2020-2.0-0246", "PHSA-2020-2.0-0266", "PHSA-2020-2.0-0267", "PHSA-2020-2.0-0282", "PHSA-2020-3.0-0052", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0073", "PHSA-2020-3.0-0082", "PHSA-2020-3.0-0100", "PHSA-2020-3.0-0119", "PHSA-2020-3.0-0120", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0174", "PHSA-2020-3.0-0177", "PHSA-2021-0399", "PHSA-2021-0436"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:4DA175A5FB10CC3E64B58AB0536688A4"]}, {"type": "redhat", "idList": ["RHSA-2020:1493", "RHSA-2020:2104", "RHSA-2020:2854", "RHSA-2020:3216", "RHSA-2020:3217", "RHSA-2020:3218", "RHSA-2020:3219", "RHSA-2020:3220", "RHSA-2020:3221", "RHSA-2020:3222", "RHSA-2020:3223", "RHSA-2020:3224", "RHSA-2020:3226", "RHSA-2020:3227", "RHSA-2020:3228", "RHSA-2020:3230", "RHSA-2020:3232", "RHSA-2020:3271", "RHSA-2020:3273", "RHSA-2020:3274", "RHSA-2020:3275", "RHSA-2020:3276", "RHSA-2020:3545", "RHSA-2020:4060", "RHSA-2020:4062", "RHSA-2020:4115", "RHSA-2020:4172", "RHSA-2020:4286", "RHSA-2020:4287", "RHSA-2020:4289", "RHSA-2020:4331", "RHSA-2020:4332", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:5023", "RHSA-2020:5026", "RHSA-2020:5050", "RHSA-2020:5079", "RHSA-2020:5118", "RHSA-2020:5199", "RHSA-2020:5206", "RHSA-2020:5374", "RHSA-2020:5430", "RHSA-2020:5437", "RHSA-2020:5441", "RHSA-2020:5633", "RHSA-2020:5656", "RHSA-2021:0019", "RHSA-2021:0037", "RHSA-2021:0039", "RHSA-2021:0073", "RHSA-2021:0136", "RHSA-2021:0686", "RHSA-2021:0689", "RHSA-2021:0763", "RHSA-2021:0765", "RHSA-2021:0774", "RHSA-2021:2314", "RHSA-2021:2316", "RHSA-2021:2461", "RHSA-2021:2725", "RHSA-2021:2726", "RHSA-2021:3016", "RHSA-2021:3320", "RHSA-2021:3522", "RHSA-2022:1209", "RHSA-2022:1213", "RHSA-2022:1622"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-12614", "RH:CVE-2019-15917", "RH:CVE-2019-15925", "RH:CVE-2019-16231", "RH:CVE-2019-16233", "RH:CVE-2019-18808", "RH:CVE-2019-18809", "RH:CVE-2019-19046", "RH:CVE-2019-19056", "RH:CVE-2019-19062", "RH:CVE-2019-19063", "RH:CVE-2019-19068", "RH:CVE-2019-19072", "RH:CVE-2019-19319", "RH:CVE-2019-19332", "RH:CVE-2019-19447", "RH:CVE-2019-19524", "RH:CVE-2019-19533", "RH:CVE-2019-19537", "RH:CVE-2019-19543", "RH:CVE-2019-19602", "RH:CVE-2019-19767", "RH:CVE-2019-19770", "RH:CVE-2019-20054", "RH:CVE-2019-20636", "RH:CVE-2019-9455", "RH:CVE-2019-9458", "RH:CVE-2020-0305", "RH:CVE-2020-0444", "RH:CVE-2020-10713", "RH:CVE-2020-10732", "RH:CVE-2020-10751", "RH:CVE-2020-10773", "RH:CVE-2020-10774", "RH:CVE-2020-10942", "RH:CVE-2020-11565", "RH:CVE-2020-11668", "RH:CVE-2020-12465", "RH:CVE-2020-12655", "RH:CVE-2020-12659", "RH:CVE-2020-12770", "RH:CVE-2020-12826", "RH:CVE-2020-14331", "RH:CVE-2020-14372", "RH:CVE-2020-14381", "RH:CVE-2020-14385", "RH:CVE-2020-14386", "RH:CVE-2020-25641", "RH:CVE-2020-35508", "RH:CVE-2020-8647", "RH:CVE-2020-8648", "RH:CVE-2020-8649", "RH:CVE-2021-3744", "RH:CVE-2021-3764"]}, {"type": "slackware", "idList": ["SSA-2020-008-01", "SSA-2020-086-01", "SSA-2020-163-01", "SSA-2020-295-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2444-1", "OPENSUSE-SU-2019:2503-1", "OPENSUSE-SU-2019:2507-1", "OPENSUSE-SU-2019:2675-1", "OPENSUSE-SU-2020:0336-1", "OPENSUSE-SU-2020:0388-1", "OPENSUSE-SU-2020:0543-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2020:0935-1", "OPENSUSE-SU-2020:1153-1", "OPENSUSE-SU-2020:1168-1", "OPENSUSE-SU-2020:1169-1", "OPENSUSE-SU-2020:1236-1", "OPENSUSE-SU-2020:1325-1", "OPENSUSE-SU-2020:1379-1", "OPENSUSE-SU-2020:1382-1", "OPENSUSE-SU-2020:1586-1", "OPENSUSE-SU-2020:1655-1", "OPENSUSE-SU-2020:1698-1", "OPENSUSE-SU-2020:2112-1", "OPENSUSE-SU-2021:0060-1", "OPENSUSE-SU-2021:0075-1", "OPENSUSE-SU-2021:0242-1", "OPENSUSE-SU-2021:3179-1", "OPENSUSE-SU-2021:3205-1", "OPENSUSE-SU-2021:3876-1"]}, {"type": "symantec", "idList": ["SMNTC-110895", "SMNTC-111080", "SMNTC-111083", "SMNTC-111087", "SMNTC-111210", "SMNTC-111220", "SMNTC-111222", "SMNTC-111313"]}, {"type": "thn", "idList": ["THN:885767C284ED14ED2B32F6713F9AA21F"]}, {"type": "threatpost", "idList": ["THREATPOST:17E00AD621A0ECD9F90FE97E083BF4AC", "THREATPOST:3073D5AD7F3554F422710689A9436CAA", "THREATPOST:D2BB5A9DDB021A7E256A4E0D8A6BDA55"]}, {"type": "ubuntu", "idList": ["LSN-0066-1", "LSN-0068-1", "LSN-0071-1", "LSN-0072-1", "USN-4093-1", "USN-4094-1", "USN-4095-1", "USN-4095-2", "USN-4147-1", "USN-4225-1", "USN-4225-2", "USN-4226-1", "USN-4227-1", "USN-4227-2", "USN-4228-1", "USN-4228-2", "USN-4254-1", "USN-4254-2", "USN-4258-1", "USN-4284-1", "USN-4285-1", "USN-4286-1", "USN-4286-2", "USN-4287-1", "USN-4287-2", "USN-4300-1", "USN-4301-1", "USN-4302-1", "USN-4319-1", "USN-4325-1", "USN-4342-1", "USN-4344-1", "USN-4345-1", "USN-4346-1", "USN-4363-1", "USN-4364-1", "USN-4367-1", "USN-4367-2", "USN-4368-1", "USN-4369-1", "USN-4369-2", "USN-4387-1", "USN-4388-1", "USN-4389-1", "USN-4390-1", "USN-4391-1", "USN-4411-1", "USN-4412-1", "USN-4413-1", "USN-4414-1", "USN-4419-1", "USN-4427-1", "USN-4432-1", "USN-4432-2", "USN-4439-1", "USN-4440-1", "USN-4465-1", "USN-4483-1", "USN-4485-1", "USN-4489-1", "USN-4525-1", "USN-4526-1", "USN-4576-1", "USN-4660-1", "USN-4660-2", "USN-4680-1", "USN-4752-1", "USN-4904-1", "USN-5343-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-12614", "UB:CVE-2019-15917", "UB:CVE-2019-15925", "UB:CVE-2019-16231", "UB:CVE-2019-16233", "UB:CVE-2019-18808", "UB:CVE-2019-18809", "UB:CVE-2019-19046", "UB:CVE-2019-19056", "UB:CVE-2019-19062", "UB:CVE-2019-19063", "UB:CVE-2019-19068", "UB:CVE-2019-19072", "UB:CVE-2019-19319", "UB:CVE-2019-19332", "UB:CVE-2019-19447", "UB:CVE-2019-19524", "UB:CVE-2019-19533", "UB:CVE-2019-19537", "UB:CVE-2019-19543", "UB:CVE-2019-19602", "UB:CVE-2019-19767", "UB:CVE-2019-19770", "UB:CVE-2019-20054", "UB:CVE-2019-20636", "UB:CVE-2019-9455", "UB:CVE-2019-9458", "UB:CVE-2020-0305", "UB:CVE-2020-0444", "UB:CVE-2020-10713", "UB:CVE-2020-10732", "UB:CVE-2020-10751", "UB:CVE-2020-10773", "UB:CVE-2020-10774", "UB:CVE-2020-10942", "UB:CVE-2020-11565", "UB:CVE-2020-11668", "UB:CVE-2020-12465", "UB:CVE-2020-12655", "UB:CVE-2020-12659", "UB:CVE-2020-12770", "UB:CVE-2020-12826", "UB:CVE-2020-14331", "UB:CVE-2020-14381", "UB:CVE-2020-14385", "UB:CVE-2020-14386", "UB:CVE-2020-25641", "UB:CVE-2020-8647", "UB:CVE-2020-8648", "UB:CVE-2020-8649", "UB:CVE-2021-3744"]}, {"type": "veracode", "idList": ["VERACODE:25979", "VERACODE:26792", "VERACODE:26853", "VERACODE:26972", "VERACODE:26976", "VERACODE:27120", "VERACODE:27123", "VERACODE:27154", "VERACODE:27232", "VERACODE:27600", "VERACODE:27607", "VERACODE:27638", "VERACODE:27751", "VERACODE:27752", "VERACODE:27753", "VERACODE:27754", "VERACODE:27755", "VERACODE:27756", "VERACODE:27757", "VERACODE:27758", "VERACODE:27759", "VERACODE:27760", "VERACODE:27761", "VERACODE:27762", "VERACODE:27764", "VERACODE:27766", "VERACODE:27767", "VERACODE:27768", "VERACODE:27769", "VERACODE:27770", "VERACODE:27771", "VERACODE:27772", "VERACODE:27773", "VERACODE:27774", "VERACODE:27775", "VERACODE:27776", "VERACODE:27777", "VERACODE:27778", "VERACODE:27779", "VERACODE:27780", "VERACODE:27781", "VERACODE:27782", "VERACODE:27783", "VERACODE:27784", "VERACODE:27785", "VERACODE:27799", "VERACODE:27802", "VERACODE:27803", "VERACODE:29241", "VERACODE:29337"]}, {"type": "virtuozzo", "idList": ["VZA-2020-036", "VZA-2020-037", "VZA-2020-048", "VZA-2020-055", "VZA-2020-056", "VZA-2020-061", "VZA-2020-064"]}]}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431"]}, {"type": "amazon", "idList": ["ALAS-2020-1338", "ALAS-2020-1377", "ALAS-2020-1446", "ALAS2-2020-1392", "ALAS2-2020-1405", "ALAS2-2020-1431", "ALAS2-2020-1440", "ALAS2-2020-1465", "ALAS2-2020-1480", "ALAS2-2020-1488", "ALAS2-2020-1495"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-03-01", "ANDROID:2020-04-01", "ANDROID:2020-06-01", "ANDROID:2020-07-01", "ANDROID:2020-08-01", "ANDROID:2020-12-01", "ANDROID:2021-01-01", "ANDROID:2021-08-01"]}, {"type": "attackerkb", "idList": ["AKB:D179C673-BB99-4F4C-9D19-8FF081A85C1F"]}, {"type": "centos", "idList": ["CESA-2020:3217", "CESA-2020:3220", "CESA-2020:5023", "CESA-2020:5437"]}, {"type": "cert", "idList": ["VU:174059"]}, {"type": "checkpoint_security", "idList": ["CPS:SK168414"]}, {"type": "cisa", "idList": ["CISA:4CA744242533EA980240D07CC5A48867"]}, {"type": "cisco", "idList": ["CISCO-SA-GRUB2-CODE-EXEC-XLEPCAPY"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:7D6795462AFD47DE31FD5B40467B68C4", "CFOUNDRY:ABBF4BD74406CA92477E7CFB1AD01190"]}, {"type": "cve", "idList": ["CVE-2019-12614", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-19332", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-10713", "CVE-2020-10751", "CVE-2020-10774", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DLA-2068-1:83234", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4699-1:122C4", "DEBIAN:DSA-4735-1:A9183"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-10713"]}, {"type": "f5", "idList": ["F5:K53634325", "F5:K54337315", "F5:K60001344"]}, {"type": "fedora", "idList": ["FEDORA:03DA06180ED3", "FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:055473124314", "FEDORA:07B5A6CB4421", "FEDORA:14FCA30C8E50", "FEDORA:15484608781D", "FEDORA:1BCA130BE0CB", "FEDORA:1BD5B6389B47", "FEDORA:1FF6B30C5606", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:2836F613193B", "FEDORA:344346042F3E", "FEDORA:34B1E30BD736", "FEDORA:371E06040B12", "FEDORA:38E6C304E78C", "FEDORA:3917560460DA", "FEDORA:3A3766C5B5A2", "FEDORA:3A69E60B3E88", "FEDORA:4002B609954A", "FEDORA:4CEF5610D7CA", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:51B856067EB8", "FEDORA:574BC3099D0A", "FEDORA:59E3F606D998", "FEDORA:5A4D662AE22C", "FEDORA:5BC786077CC2", "FEDORA:628EB603ECD0", "FEDORA:62D0460BC99C", "FEDORA:6B92130C7DAE", "FEDORA:6E67663233DB", "FEDORA:754F860A98ED", "FEDORA:803AE30C6416", "FEDORA:84FBF6179A05", "FEDORA:8FEA960A4096", "FEDORA:94BC060A4ECF", "FEDORA:9801060D30FA", "FEDORA:98E8F6079A11", "FEDORA:AAD0A60B6998", "FEDORA:AFCD261367A6", "FEDORA:B6D9530BD736", "FEDORA:BF5EC607125E", "FEDORA:C1EA6603ECEC", "FEDORA:C4D496071279", "FEDORA:C63656040AE1", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:D3523607924A", "FEDORA:E40BC3052A43", "FEDORA:EC9F26076D31"]}, {"type": "gentoo", "idList": ["GLSA-202104-05"]}, {"type": "githubexploit", "idList": ["A10132DA-F650-5163-A3F9-DBE973D0187D", "F96E9425-1BDA-5323-839C-263FF8413976"]}, {"type": "hp", "idList": ["HP:C06707446"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200923-01-GRUB2"]}, {"type": "ibm", "idList": ["5C971ABE298E715E4DD664F197820425272400B40C52EF433CFD40BAFACB63C8", "7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4"]}, {"type": "kitploit", "idList": ["KITPLOIT:8656177976839178440"]}, {"type": "lenovo", "idList": ["LENOVO:PS500336-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-20054/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-8647/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-8648/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-8647/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-8648/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-8649/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2019-20054/", "MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/", "MSF:ILITIES/UBUNTU-CVE-2020-28588/"]}, {"type": "mscve", "idList": ["MS:ADV200011"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1392.NASL", "AL2_ALAS-2020-1431.NASL", "ALA_ALAS-2020-1338.NASL", "ALA_ALAS-2020-1366.NASL", "ALA_ALAS-2020-1377.NASL", "ALA_ALAS-2020-1446.NASL", "CENTOS_RHSA-2020-3217.NASL", "CENTOS_RHSA-2020-5023.NASL", "CENTOS_RHSA-2020-5437.NASL", "DEBIAN_DLA-1930.NASL", "DEBIAN_DLA-2068.NASL", "DEBIAN_DSA-4735.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1592.NASL", "EULEROS_SA-2020-1606.NASL", "EULEROS_SA-2020-1807.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-2502.NASL", "FEDORA_2019-83858FC57B.NASL", "FEDORA_2019-C03EDA3CC6.NASL", "FEDORA_2020-5A69DECC0C.NASL", "FEDORA_2020-C6B9FFF7F8.NASL", "GENTOO_GLSA-202104-05.NASL", "OPENSUSE-2020-2112.NASL", "OPENSUSE-2021-3179.NASL", "OPENSUSE-2021-3205.NASL", "ORACLELINUX_ELSA-2020-5023.NASL", "ORACLELINUX_ELSA-2020-5508.NASL", "ORACLELINUX_ELSA-2020-5528.NASL", "ORACLELINUX_ELSA-2020-5533.NASL", "ORACLELINUX_ELSA-2020-5535.NASL", "ORACLELINUX_ELSA-2020-5691.NASL", "ORACLELINUX_ELSA-2020-5706.NASL", "ORACLELINUX_ELSA-2020-5708.NASL", "ORACLELINUX_ELSA-2020-5710.NASL", "ORACLELINUX_ELSA-2020-5714.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5782.NASL", "ORACLELINUX_ELSA-2020-5786.NASL", "ORACLELINUX_ELSA-2021-9164.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2020-0020.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0046_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0310_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0311_GRUB2.NASL", "PHOTONOS_PHSA-2020-2_0-0266_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0267_GRUB2.NASL", "PHOTONOS_PHSA-2020-3_0-0052_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0100_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0119_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0177_LINUX.NASL", "REDHAT-RHSA-2020-2854.NASL", "REDHAT-RHSA-2020-3216.NASL", "REDHAT-RHSA-2020-3217.NASL", "REDHAT-RHSA-2020-3223.NASL", "REDHAT-RHSA-2020-3227.NASL", "REDHAT-RHSA-2020-5023.NASL", "REDHAT-RHSA-2020-5026.NASL", "REDHAT-RHSA-2020-5079.NASL", "REDHAT-RHSA-2020-5199.NASL", "REDHAT-RHSA-2020-5206.NASL", "REDHAT-RHSA-2020-5656.NASL", "SLACKWARE_SSA_2020-008-01.NASL", "SL_20201110_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-1275-1.NASL", "SUSE_SU-2020-2073-1.NASL", "SUSE_SU-2020-2074-1.NASL", "SUSE_SU-2020-2076-1.NASL", "SUSE_SU-2020-2077-1.NASL", "SUSE_SU-2020-2078-1.NASL", "SUSE_SU-2020-2079-1.NASL", "SUSE_SU-2021-3179-1.NASL", "SUSE_SU-2021-3205-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3217-1.NASL", "UBUNTU_USN-4225-1.NASL", "UBUNTU_USN-4225-2.NASL", "UBUNTU_USN-4226-1.NASL", "UBUNTU_USN-4227-1.NASL", "UBUNTU_USN-4228-1.NASL", "UBUNTU_USN-4254-1.NASL", "UBUNTU_USN-4258-1.NASL", "UBUNTU_USN-4363-1.NASL", "UBUNTU_USN-4364-1.NASL", "UBUNTU_USN-4367-1.NASL", "UBUNTU_USN-4367-2.NASL", "UBUNTU_USN-4368-1.NASL", "UBUNTU_USN-4369-1.NASL", "UBUNTU_USN-4369-2.NASL", "UBUNTU_USN-4387-1.NASL", "UBUNTU_USN-4388-1.NASL", "UBUNTU_USN-4389-1.NASL", "UBUNTU_USN-4432-1.NASL", "UBUNTU_USN-4439-1.NASL", "UBUNTU_USN-4440-1.NASL", "UBUNTU_USN-4525-1.NASL", "UBUNTU_USN-4526-1.NASL", "UBUNTU_USN-4904-1.NASL", "VIRTUOZZO_VZA-2020-037.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844131", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310844281", "OPENVAS:1361412562310844282", "OPENVAS:1361412562310844283", "OPENVAS:1361412562310844284", "OPENVAS:1361412562310844298", "OPENVAS:1361412562310844314", "OPENVAS:1361412562310844316", "OPENVAS:1361412562310844433", "OPENVAS:1361412562310844434", "OPENVAS:1361412562310844438", "OPENVAS:1361412562310844439", "OPENVAS:1361412562310844443", "OPENVAS:1361412562310844448", "OPENVAS:1361412562310844451", "OPENVAS:1361412562310852611", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852891", "OPENVAS:1361412562310852917", "OPENVAS:1361412562310852953", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876484", "OPENVAS:1361412562310876488", "OPENVAS:1361412562310876489", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876515", "OPENVAS:1361412562310876543", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876611", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876638", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310877113", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877209", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877834", "OPENVAS:1361412562310877859", "OPENVAS:1361412562310877862", "OPENVAS:1361412562310877884", "OPENVAS:1361412562310891930", "OPENVAS:1361412562310892068", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220192106", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192283", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201592", "OPENVAS:1361412562311220201606"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3218", "ELSA-2020-3220", "ELSA-2020-4436", "ELSA-2020-5023", "ELSA-2020-5508", "ELSA-2020-5526", "ELSA-2020-5528", "ELSA-2020-5535", "ELSA-2020-5691", "ELSA-2020-5708", "ELSA-2020-5710", "ELSA-2020-5714", "ELSA-2020-5715", "ELSA-2020-5782", "ELSA-2020-5786", "ELSA-2020-5790", "ELSA-2020-5913", "ELSA-2020-5914", "ELSA-2020-5923", "ELSA-2020-5924", "ELSA-2021-9140", "ELSA-2021-9164"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0236", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0046", "PHSA-2020-0267", "PHSA-2020-0282", "PHSA-2020-0288", "PHSA-2020-1.0-0274", "PHSA-2020-1.0-0279", "PHSA-2020-1.0-0287", "PHSA-2020-1.0-0290", "PHSA-2020-1.0-0292", "PHSA-2020-1.0-0297", "PHSA-2020-1.0-0303", "PHSA-2020-1.0-0310", "PHSA-2020-1.0-0311", "PHSA-2020-1.0-0323", "PHSA-2020-2.0-0212", "PHSA-2020-2.0-0230", "PHSA-2020-2.0-0239", "PHSA-2020-2.0-0246", "PHSA-2020-2.0-0266", "PHSA-2020-2.0-0267", "PHSA-2020-2.0-0282", "PHSA-2020-3.0-0052", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0073", "PHSA-2020-3.0-0082", "PHSA-2020-3.0-0100", "PHSA-2020-3.0-0119", "PHSA-2020-3.0-0120", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0174", "PHSA-2020-3.0-0177", "PHSA-2021-0399"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:4DA175A5FB10CC3E64B58AB0536688A4"]}, {"type": "redhat", "idList": ["RHSA-2020:3216", "RHSA-2020:3217", "RHSA-2020:3223", "RHSA-2020:3227", "RHSA-2020:3273", "RHSA-2020:3274", "RHSA-2020:3275", "RHSA-2020:3276", "RHSA-2020:4286", "RHSA-2020:5026", "RHSA-2021:0686"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-0444", "RH:CVE-2020-14372", "RH:CVE-2020-25641", "RH:CVE-2020-35508"]}, {"type": "slackware", "idList": ["SSA-2020-008-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2021:3179-1", "OPENSUSE-SU-2021:3205-1", "OPENSUSE-SU-2021:3876-1"]}, {"type": "symantec", "idList": ["SMNTC-110895"]}, {"type": "thn", "idList": ["THN:885767C284ED14ED2B32F6713F9AA21F"]}, {"type": "threatpost", "idList": ["THREATPOST:17E00AD621A0ECD9F90FE97E083BF4AC", "THREATPOST:3073D5AD7F3554F422710689A9436CAA", "THREATPOST:D2BB5A9DDB021A7E256A4E0D8A6BDA55"]}, {"type": "ubuntu", "idList": ["LSN-0068-1", "USN-4093-1", "USN-4094-1", "USN-4095-1", "USN-4095-2", "USN-4147-1", "USN-4225-1", "USN-4225-2", "USN-4226-1", "USN-4227-1", "USN-4227-2", "USN-4228-1", "USN-4228-2", "USN-4254-1", "USN-4254-2", "USN-4258-1", "USN-4363-1", "USN-4364-1", "USN-4367-1", "USN-4367-2", "USN-4368-1", "USN-4369-1", "USN-4369-2", "USN-4387-1", "USN-4389-1", "USN-4432-1", "USN-4525-1", "USN-4526-1", "USN-4660-1", "USN-4680-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-15917", "UB:CVE-2019-15925", "UB:CVE-2019-16231", "UB:CVE-2019-16233", "UB:CVE-2019-18808", "UB:CVE-2019-18809", "UB:CVE-2019-19046", "UB:CVE-2019-19056", "UB:CVE-2019-19062", "UB:CVE-2019-19063", "UB:CVE-2019-19068", "UB:CVE-2019-19072", "UB:CVE-2019-19319", "UB:CVE-2019-19332", "UB:CVE-2019-19447", "UB:CVE-2019-19524", "UB:CVE-2019-19533", "UB:CVE-2019-19543", "UB:CVE-2019-19602", "UB:CVE-2019-19767", "UB:CVE-2019-19770", "UB:CVE-2019-20054", "UB:CVE-2019-20636", "UB:CVE-2019-9455", "UB:CVE-2019-9458", "UB:CVE-2020-0305", "UB:CVE-2020-0444", "UB:CVE-2020-10713", "UB:CVE-2020-10732", "UB:CVE-2020-10751", "UB:CVE-2020-10773", "UB:CVE-2020-10942", "UB:CVE-2020-11565", "UB:CVE-2020-11668", "UB:CVE-2020-12465", "UB:CVE-2020-12655", "UB:CVE-2020-12659", "UB:CVE-2020-12770", "UB:CVE-2020-12826", "UB:CVE-2020-14331", "UB:CVE-2020-14381", "UB:CVE-2020-14385", "UB:CVE-2020-14386", "UB:CVE-2020-25641", "UB:CVE-2020-8647", "UB:CVE-2020-8648", "UB:CVE-2020-8649"]}, {"type": "virtuozzo", "idList": ["VZA-2020-036", "VZA-2020-037"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-12614", "epss": "0.000460000", "percentile": "0.140210000", "modified": "2023-03-16"}, {"cve": "CVE-2019-15917", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-15925", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2019-16231", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-16233", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-18808", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-18809", "epss": "0.002590000", "percentile": "0.618470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19046", "epss": "0.003180000", "percentile": "0.657690000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19056", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19062", "epss": "0.000460000", "percentile": "0.140210000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19063", "epss": "0.001380000", "percentile": "0.476340000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19068", "epss": "0.002180000", "percentile": "0.579860000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19072", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19319", "epss": "0.000980000", "percentile": "0.393580000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19332", "epss": "0.000650000", "percentile": "0.265810000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19447", "epss": "0.002560000", "percentile": "0.616920000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19524", "epss": "0.002350000", "percentile": "0.598340000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19533", "epss": "0.001180000", "percentile": "0.440810000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19537", "epss": "0.001370000", "percentile": "0.474400000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19543", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19602", "epss": "0.000800000", "percentile": "0.327120000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19767", "epss": "0.001880000", "percentile": "0.545360000", "modified": "2023-03-16"}, {"cve": "CVE-2019-19770", "epss": "0.002260000", "percentile": "0.590360000", "modified": "2023-03-16"}, {"cve": "CVE-2019-20054", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-20636", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2019-9455", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2019-9458", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-0305", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-0444", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-10713", "epss": "0.000680000", "percentile": "0.278690000", "modified": "2023-03-16"}, {"cve": "CVE-2020-10732", "epss": "0.000500000", "percentile": "0.171210000", "modified": "2023-03-16"}, {"cve": "CVE-2020-10751", "epss": "0.000500000", "percentile": "0.171210000", "modified": "2023-03-16"}, {"cve": "CVE-2020-10773", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-10774", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-10942", "epss": "0.000620000", "percentile": "0.245510000", "modified": "2023-03-16"}, {"cve": "CVE-2020-11565", "epss": "0.000480000", "percentile": "0.148380000", "modified": "2023-03-16"}, {"cve": "CVE-2020-11668", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2020-12465", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-12655", "epss": "0.000460000", "percentile": "0.139790000", "modified": "2023-03-16"}, {"cve": "CVE-2020-12659", "epss": "0.000800000", "percentile": "0.326320000", "modified": "2023-03-16"}, {"cve": "CVE-2020-12770", "epss": "0.000470000", "percentile": "0.140890000", "modified": "2023-03-16"}, {"cve": "CVE-2020-12826", "epss": "0.000520000", "percentile": "0.182910000", "modified": "2023-03-16"}, {"cve": "CVE-2020-14331", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-14381", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-14385", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2020-14386", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2020-25641", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-8647", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2020-8648", "epss": "0.000760000", "percentile": "0.306570000", "modified": "2023-03-16"}, {"cve": "CVE-2020-8649", "epss": "0.000580000", "percentile": "0.225380000", "modified": "2023-03-16"}], "vulnersScore": 0.4}, "affectedPackage": [{"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-4.18.0-240.el8.src.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-240.el8", "packageFilename": "bpftool-4.18.0-240.el8.aarch64.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-cross-headers-4.18.0-240.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-cross-headers"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-headers-4.18.0-240.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-tools-4.18.0-240.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-tools-libs-4.18.0-240.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-tools-libs-devel-4.18.0-240.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-240.el8", "packageFilename": "perf-4.18.0-240.el8.aarch64.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-240.el8", "packageFilename": "python3-perf-4.18.0-240.el8.aarch64.rpm", "operator": "lt", "packageName": "python3-perf"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-4.18.0-240.el8.src.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "bpftool-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-abi-whitelists-4.18.0-240.el8.noarch.rpm", "operator": "lt", "packageName": "kernel-abi-whitelists"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-core-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-cross-headers-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-cross-headers"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-debug-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-debug-core-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-debug-devel-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-debug-modules-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-modules"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-debug-modules-extra-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-modules-extra"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-devel-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-doc-4.18.0-240.el8.noarch.rpm", "operator": "lt", "packageName": "kernel-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-headers-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-modules-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-modules"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-modules-extra-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-modules-extra"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-tools-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-tools-libs-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "kernel-tools-libs-devel-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "perf-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-240.el8", "packageFilename": "python3-perf-4.18.0-240.el8.x86_64.rpm", "operator": "lt", "packageName": "python3-perf"}], "_state": {"dependencies": 1660032824, "score": 1698842189, "epss": 1679073339}, "_internal": {"score_hash": "b9e268dd838cb820496893ba5ca4b325"}}

{"nessus": [{"lastseen": "2023-05-18T15:24:59", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4609 advisory.\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb- dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2020:4609)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14381", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2021-3715"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2020-4609.NASL", "href": "https://www.tenable.com/plugins/nessus/142382", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4609. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142382);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-9455\",\n \"CVE-2019-9458\",\n \"CVE-2019-15917\",\n \"CVE-2019-15925\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-19046\",\n \"CVE-2019-19056\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19068\",\n \"CVE-2019-19072\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-19767\",\n \"CVE-2019-19770\",\n \"CVE-2019-20054\",\n \"CVE-2019-20636\",\n \"CVE-2020-0305\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10774\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12655\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14381\",\n \"CVE-2020-25641\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4609\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2020:4609)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4609 advisory.\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c\n (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c\n allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in\n drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a\n DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-\n dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer\n (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure\n (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features\n (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data\n coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n (CVE-2020-8649)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1784130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1839634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1874311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1881424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1993988\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94, 119, 200, 349, 362, 400, 401, 416, 476, 772, 787, 805, 835, 908, 909);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-9455', 'CVE-2019-9458', 'CVE-2019-15917', 'CVE-2019-15925', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-18808', 'CVE-2019-18809', 'CVE-2019-19046', 'CVE-2019-19056', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19068', 'CVE-2019-19072', 'CVE-2019-19319', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19524', 'CVE-2019-19533', 'CVE-2019-19537', 'CVE-2019-19543', 'CVE-2019-19767', 'CVE-2019-19770', 'CVE-2019-20054', 'CVE-2019-20636', 'CVE-2020-0305', 'CVE-2020-8647', 'CVE-2020-8648', 'CVE-2020-8649', 'CVE-2020-10732', 'CVE-2020-10751', 'CVE-2020-10774', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-11668', 'CVE-2020-12655', 'CVE-2020-12659', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14381', 'CVE-2020-25641', 'CVE-2021-3715');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:4609');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-240.rt7.54.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-240.rt7.54.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:44", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4431 advisory.\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb- dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c (CVE-2020-12465)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2020:4431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12614", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14381", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2020-4431.NASL", "href": "https://www.tenable.com/plugins/nessus/145806", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4431. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145806);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-9455\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15917\",\n \"CVE-2019-15925\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-19046\",\n \"CVE-2019-19056\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19068\",\n \"CVE-2019-19072\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-19767\",\n \"CVE-2019-19770\",\n \"CVE-2019-20054\",\n \"CVE-2019-20636\",\n \"CVE-2020-0305\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10773\",\n \"CVE-2020-10774\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12465\",\n \"CVE-2020-12655\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14381\",\n \"CVE-2020-25641\"\n );\n script_bugtraq_id(108550);\n script_xref(name:\"RHSA\", value:\"2020:4431\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2020:4431)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4431 advisory.\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c\n causing denial of service (CVE-2019-12614)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c\n (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c\n allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in\n drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a\n DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-\n dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer\n (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure\n (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features\n (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c\n (CVE-2020-12465)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data\n coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4431\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2019-9455', 'CVE-2019-9458', 'CVE-2019-12614', 'CVE-2019-15917', 'CVE-2019-15925', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-18808', 'CVE-2019-18809', 'CVE-2019-19046', 'CVE-2019-19056', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19068', 'CVE-2019-19072', 'CVE-2019-19319', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19524', 'CVE-2019-19533', 'CVE-2019-19537', 'CVE-2019-19543', 'CVE-2019-19767', 'CVE-2019-19770', 'CVE-2019-20054', 'CVE-2019-20636', 'CVE-2020-0305', 'CVE-2020-8647', 'CVE-2020-8648', 'CVE-2020-8649', 'CVE-2020-10732', 'CVE-2020-10751', 'CVE-2020-10773', 'CVE-2020-10774', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-11668', 'CVE-2020-12465', 'CVE-2020-12655', 'CVE-2020-12659', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14381', 'CVE-2020-25641');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2020:4431');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:31:19", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4431 advisory.\n\n - In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9455)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.\n (CVE-2019-15925)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. (CVE-2019-18809)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID- db8fd2cde932. (CVE-2019-19056)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. (CVE-2019-19063)\n\n - A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. (CVE-2019-19068)\n\n - A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.\n (CVE-2019-19072)\n\n - In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. (CVE-2019-19319)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. (CVE-2019-19533)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. (CVE-2019-19543)\n\n - fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.\n (CVE-2019-19602)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. (CVE-2019-19767)\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 (CVE-2020-0305)\n\n - In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel (CVE-2020-0444)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data. (CVE-2020-10773)\n\n - A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. (CVE-2020-10774)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. (CVE-2020-12465)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out- of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.\n (CVE-2020-12659)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. (CVE-2020-12826)\n\n - A flaw was found in the Linux kernel's futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14381)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2020:4431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12614", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14381", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649"], "modified": "2023-11-10T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-whitelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-4431.NASL", "href": "https://www.tenable.com/plugins/nessus/157698", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:4431.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157698);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/10\");\n\n script_cve_id(\n \"CVE-2019-9455\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15917\",\n \"CVE-2019-15925\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-19046\",\n \"CVE-2019-19056\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19068\",\n \"CVE-2019-19072\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-19602\",\n \"CVE-2019-19767\",\n \"CVE-2019-19770\",\n \"CVE-2019-20054\",\n \"CVE-2019-20636\",\n \"CVE-2020-0305\",\n \"CVE-2020-0444\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10773\",\n \"CVE-2020-10774\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12465\",\n \"CVE-2020-12655\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14381\",\n \"CVE-2020-25641\"\n );\n script_xref(name:\"ALSA\", value:\"2020:4431\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2020:4431)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2020:4431 advisory.\n\n - In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This\n could lead to local information disclosure with System execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9455)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function\n hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.\n (CVE-2019-15925)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux\n kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka\n CID-2289adbfa559. (CVE-2019-18809)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of\n this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-\n db8fd2cde932. (CVE-2019-19056)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the\n Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka\n CID-3f9361695113. (CVE-2019-19063)\n\n - A memory leak in the rtl8xxxu_submit_int_urb() function in\n drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers\n to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka\n CID-a2cdd07488e6. (CVE-2019-19068)\n\n - A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.\n (CVE-2019-19072)\n\n - In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a\n slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when\n a large old_size value is used in a memset call, aka CID-345c0dbf3a30. (CVE-2019-19319)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list\n in fs/ext4/super.c. (CVE-2019-19447)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. (CVE-2019-19533)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in\n drivers/media/rc/serial_ir.c. (CVE-2019-19543)\n\n - fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is\n used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have\n unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling\n of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.\n (CVE-2019-19602)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors\n in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka\n CID-4ea99936a163. (CVE-2019-19767)\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to\n local escalation of privilege with System execution privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 (CVE-2020-0305)\n\n - In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in\n audit_data_to_entry. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-150693166References: Upstream kernel (CVE-2020-0444)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common\n function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the\n kernel data. (CVE-2020-10773)\n\n - A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl\n subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read\n uninitialized values from the kernel memory. The highest threat from this vulnerability is to\n confidentiality. (CVE-2020-10774)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family\n field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the\n Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can\n corrupt memory of adjacent pages. (CVE-2020-12465)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-\n of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.\n (CVE-2020-12659)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a\n do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in\n a different security domain. Exploitation limitations include the amount of elapsed time before an integer\n overflow occurs, and the lack of scenarios where signals to a parent process present a substantial\n operational threat. (CVE-2020-12826)\n\n - A flaw was found in the Linux kernel's futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-4431.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-9455', 'CVE-2019-9458', 'CVE-2019-12614', 'CVE-2019-15917', 'CVE-2019-15925', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-18808', 'CVE-2019-18809', 'CVE-2019-19046', 'CVE-2019-19056', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19068', 'CVE-2019-19072', 'CVE-2019-19319', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19524', 'CVE-2019-19533', 'CVE-2019-19537', 'CVE-2019-19543', 'CVE-2019-19602', 'CVE-2019-19767', 'CVE-2019-19770', 'CVE-2019-20054', 'CVE-2019-20636', 'CVE-2020-0305', 'CVE-2020-0444', 'CVE-2020-8647', 'CVE-2020-8648', 'CVE-2020-8649', 'CVE-2020-10732', 'CVE-2020-10751', 'CVE-2020-10773', 'CVE-2020-10774', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-11668', 'CVE-2020-12465', 'CVE-2020-12655', 'CVE-2020-12659', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14381', 'CVE-2020-25641');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2020:4431');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:45:58", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4431 advisory.\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. (CVE-2019-18809)\n\n - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID- db8fd2cde932. (CVE-2019-19056)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. (CVE-2019-19767)\n\n - An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. (CVE-2020-12465)\n\n - An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out- of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.\n (CVE-2020-12659)\n\n - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. (CVE-2019-19533)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. (CVE-2019-19063)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. (CVE-2020-12826)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\n - In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel (CVE-2020-0444)\n\n - A flaw was found in the Linux kernel's futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14381)\n\n - In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9455)\n\n - A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. (CVE-2019-19068)\n\n - A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.\n (CVE-2019-19072)\n\n - A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. (CVE-2020-10774)\n\n - An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.\n (CVE-2019-15925)\n\n - In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. (CVE-2019-19319)\n\n - In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. (CVE-2019-19543)\n\n - fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.\n (CVE-2019-19602)\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 (CVE-2020-0305)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data. (CVE-2020-10773)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2020-4431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12614", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14381", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2020-4431.NASL", "href": "https://www.tenable.com/plugins/nessus/180891", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4431.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180891);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2019-9455\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15917\",\n \"CVE-2019-15925\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-19046\",\n \"CVE-2019-19056\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19068\",\n \"CVE-2019-19072\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-19602\",\n \"CVE-2019-19767\",\n \"CVE-2019-19770\",\n \"CVE-2019-20054\",\n \"CVE-2019-20636\",\n \"CVE-2020-0305\",\n \"CVE-2020-0444\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10773\",\n \"CVE-2020-10774\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12465\",\n \"CVE-2020-12655\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14381\",\n \"CVE-2020-25641\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2020-4431)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4431 advisory.\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family\n field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux\n kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka\n CID-2289adbfa559. (CVE-2019-18809)\n\n - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-\n db8fd2cde932. (CVE-2019-19056)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common\n function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors\n in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka\n CID-4ea99936a163. (CVE-2019-19767)\n\n - An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the\n Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can\n corrupt memory of adjacent pages. (CVE-2020-12465)\n\n - An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-\n of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.\n (CVE-2020-12659)\n\n - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. (CVE-2019-19533)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list\n in fs/ext4/super.c. (CVE-2019-19447)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the\n Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka\n CID-3f9361695113. (CVE-2019-19063)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of\n this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a\n do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in\n a different security domain. Exploitation limitations include the amount of elapsed time before an integer\n overflow occurs, and the lack of scenarios where signals to a parent process present a substantial\n operational threat. (CVE-2020-12826)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\n - In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in\n audit_data_to_entry. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-150693166References: Upstream kernel (CVE-2020-0444)\n\n - A flaw was found in the Linux kernel's futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This\n could lead to local information disclosure with System execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9455)\n\n - A memory leak in the rtl8xxxu_submit_int_urb() function in\n drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers\n to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka\n CID-a2cdd07488e6. (CVE-2019-19068)\n\n - A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.\n (CVE-2019-19072)\n\n - A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl\n subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read\n uninitialized values from the kernel memory. The highest threat from this vulnerability is to\n confidentiality. (CVE-2020-10774)\n\n - An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function\n hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.\n (CVE-2019-15925)\n\n - In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a\n slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when\n a large old_size value is used in a memset call, aka CID-345c0dbf3a30. (CVE-2019-19319)\n\n - In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in\n drivers/media/rc/serial_ir.c. (CVE-2019-19543)\n\n - fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is\n used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have\n unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling\n of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.\n (CVE-2019-19602)\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to\n local escalation of privilege with System execution privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 (CVE-2020-0305)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the\n kernel data. (CVE-2020-10773)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4431.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-240.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-4431');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-4.18.0'},\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:25", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4431 advisory.\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb- dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: cached use of fpu_fpregs_owner_ctx in arch/x86/include/asm/fpu/internal.h can lead to DoS (CVE-2019-19602)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: af_packet: TPACKET_V3: invalid timer timeout on error (CVE-2019-20812)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c (CVE-2020-12465)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2020:4431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12614", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-20812", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14381", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2021-3715"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2020-4431.NASL", "href": "https://www.tenable.com/plugins/nessus/142430", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4431. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142430);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-9455\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15917\",\n \"CVE-2019-15925\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-19046\",\n \"CVE-2019-19056\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19068\",\n \"CVE-2019-19072\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-19767\",\n \"CVE-2019-19770\",\n \"CVE-2019-20054\",\n \"CVE-2019-20636\",\n \"CVE-2020-0305\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10773\",\n \"CVE-2020-10774\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12465\",\n \"CVE-2020-12655\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14381\",\n \"CVE-2020-25641\"\n );\n script_bugtraq_id(108550);\n script_xref(name:\"RHSA\", value:\"2020:4431\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:4431)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4431 advisory.\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c\n causing denial of service (CVE-2019-12614)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c\n (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c\n allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in\n drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a\n DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-\n dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer\n (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: cached use of fpu_fpregs_owner_ctx in arch/x86/include/asm/fpu/internal.h can lead to DoS\n (CVE-2019-19602)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: af_packet: TPACKET_V3: invalid timer timeout on error (CVE-2019-20812)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure\n (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features\n (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c\n (CVE-2020-12465)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data\n coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n (CVE-2020-8649)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1718176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1784130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1784572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1839634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1874311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1881424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1993988\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94, 99, 119, 120, 200, 244, 349, 362, 400, 401, 416, 476, 626, 672, 772, 787, 805, 835, 908, 909);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-9455', 'CVE-2019-9458', 'CVE-2019-12614', 'CVE-2019-15917', 'CVE-2019-15925', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-18808', 'CVE-2019-18809', 'CVE-2019-19046', 'CVE-2019-19056', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19068', 'CVE-2019-19072', 'CVE-2019-19319', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19524', 'CVE-2019-19533', 'CVE-2019-19537', 'CVE-2019-19543', 'CVE-2019-19602', 'CVE-2019-19767', 'CVE-2019-19770', 'CVE-2019-20054', 'CVE-2019-20636', 'CVE-2019-20812', 'CVE-2020-0305', 'CVE-2020-0444', 'CVE-2020-8647', 'CVE-2020-8648', 'CVE-2020-8649', 'CVE-2020-10732', 'CVE-2020-10751', 'CVE-2020-10773', 'CVE-2020-10774', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-11668', 'CVE-2020-12465', 'CVE-2020-12655', 'CVE-2020-12659', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14381', 'CVE-2020-25641', 'CVE-2021-3715');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:4431');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-240.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-240.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-240.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-240.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-240.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-240.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-240.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-240.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-240.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-240.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:34:53", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.\n (CVE-2019-15925)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. (CVE-2019-19319)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. (CVE-2019-19543)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (CVE-2020-12351)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. (CVE-2020-12352)\n\n - An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out- of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.\n (CVE-2020-12659)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-14386)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0078)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15925", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19524", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-20636", "CVE-2019-9458", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-14331", "CVE-2020-14386", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649"], "modified": "2022-05-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/147318", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0078. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147318);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-9458\",\n \"CVE-2019-15925\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19524\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-20636\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-14331\",\n \"CVE-2020-14386\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0078)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function\n hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.\n (CVE-2019-15925)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of\n this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a\n slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when\n a large old_size value is used in a memset call, aka CID-345c0dbf3a30. (CVE-2019-19319)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in\n drivers/media/rc/serial_ir.c. (CVE-2019-19543)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of\n privilege via adjacent access. (CVE-2020-12351)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2020-12352)\n\n - An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-\n of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.\n (CVE-2020-12659)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest threat from this vulnerability is to data\n confidentiality and integrity. (CVE-2020-14386)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common\n function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0078\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14386\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'bpftool-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'bpftool-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-abi-whitelists-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-core-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-cross-headers-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debug-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debug-core-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debug-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debug-devel-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debug-modules-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debug-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debug-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-debuginfo-common-x86_64-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-devel-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-headers-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-ipaclones-internal-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-modules-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-selftests-internal-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-sign-keys-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-tools-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-tools-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-tools-libs-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'kernel-tools-libs-devel-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'perf-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'python3-perf-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f',\n 'python3-perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.12.326.ga88c06e1f'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:05", "description": "Security Fix(es) :\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)", "cvss3": {}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20201001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-12614", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20636", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14305", "CVE-2020-1749", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201001_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141727);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2017-18551\", \"CVE-2018-20836\", \"CVE-2019-12614\", \"CVE-2019-15217\", \"CVE-2019-15807\", \"CVE-2019-15917\", \"CVE-2019-16231\", \"CVE-2019-16233\", \"CVE-2019-16994\", \"CVE-2019-17053\", \"CVE-2019-18808\", \"CVE-2019-19046\", \"CVE-2019-19055\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19332\", \"CVE-2019-19447\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19530\", \"CVE-2019-19534\", \"CVE-2019-19537\", \"CVE-2019-19767\", \"CVE-2019-19807\", \"CVE-2019-20054\", \"CVE-2019-20095\", \"CVE-2019-20636\", \"CVE-2019-9454\", \"CVE-2019-9458\", \"CVE-2020-10690\", \"CVE-2020-10732\", \"CVE-2020-10742\", \"CVE-2020-10751\", \"CVE-2020-10942\", \"CVE-2020-11565\", \"CVE-2020-12770\", \"CVE-2020-12826\", \"CVE-2020-14305\", \"CVE-2020-1749\", \"CVE-2020-2732\", \"CVE-2020-8647\", \"CVE-2020-8649\", \"CVE-2020-9383\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20201001)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - kernel: use-after-free in sound/core/timer.c\n (CVE-2019-19807)\n\n - kernel: out of bounds write in function\n i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and\n smp_task_done() in drivers/scsi/libsas/sas_expander.c\n leads to use-after-free (CVE-2018-20836)\n\n - kernel: out of bounds write in i2c driver leads to local\n escalation of privilege (CVE-2019-9454)\n\n - kernel: use after free due to race condition in the\n video driver leads to local privilege escalation\n (CVE-2019-9458)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=19779\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be3180c5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1160.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1160.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:08:31", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4062 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)\n\n - kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver (CVE-2019-15217)\n\n - kernel: Memory leak in drivers/scsi/libsas/sas_expander.c (CVE-2019-15807)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS (CVE-2019-19055)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (CVE-2019-19530)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic (CVE-2020-10742)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: memory corruption in Voice over IP nf_conntrack_h323 module (CVE-2020-14305)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\n - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2020:4062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20636", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14305", "CVE-2020-1749", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2020-4062.NASL", "href": "https://www.tenable.com/plugins/nessus/141026", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4062. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141026);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2018-20836\",\n \"CVE-2019-9454\",\n \"CVE-2019-9458\",\n \"CVE-2019-15217\",\n \"CVE-2019-15807\",\n \"CVE-2019-15917\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-16994\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19055\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2019-19767\",\n \"CVE-2019-19807\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\",\n \"CVE-2019-20636\",\n \"CVE-2020-1749\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-10690\",\n \"CVE-2020-10732\",\n \"CVE-2020-10742\",\n \"CVE-2020-10751\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14305\"\n );\n script_bugtraq_id(108196);\n script_xref(name:\"RHSA\", value:\"2020:4062\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2020:4062)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4062 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c\n leads to use-after-free (CVE-2018-20836)\n\n - kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver (CVE-2019-15217)\n\n - kernel: Memory leak in drivers/scsi/libsas/sas_expander.c (CVE-2019-15807)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS\n (CVE-2019-19055)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c\n allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c\n allow for a DoS (CVE-2019-19063)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n (CVE-2019-19523)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver\n (CVE-2019-19530)\n\n - kernel: information leak bug caused by a malicious USB device in the\n drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer\n (CVE-2019-19537)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open\n (CVE-2020-10690)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic\n (CVE-2020-10742)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: memory corruption in Voice over IP nf_conntrack_h323 module (CVE-2020-14305)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n (CVE-2020-8649)\n\n - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1745528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1747216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1805135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1809833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1810685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1818818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835127\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1839634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1850716\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94, 119, 121, 125, 200, 250, 319, 349, 362, 400, 401, 416, 476, 772, 787, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-18551', 'CVE-2018-20836', 'CVE-2019-9454', 'CVE-2019-9458', 'CVE-2019-15217', 'CVE-2019-15807', 'CVE-2019-15917', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-16994', 'CVE-2019-17053', 'CVE-2019-17055', 'CVE-2019-18808', 'CVE-2019-19046', 'CVE-2019-19055', 'CVE-2019-19058', 'CVE-2019-19059', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19523', 'CVE-2019-19524', 'CVE-2019-19530', 'CVE-2019-19534', 'CVE-2019-19537', 'CVE-2019-19767', 'CVE-2019-19807', 'CVE-2019-20054', 'CVE-2019-20095', 'CVE-2019-20636', 'CVE-2020-1749', 'CVE-2020-2732', 'CVE-2020-8647', 'CVE-2020-8649', 'CVE-2020-9383', 'CVE-2020-10690', 'CVE-2020-10732', 'CVE-2020-10742', 'CVE-2020-10751', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14305');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:4062');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1160.rt56.1131.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.rt56.1131.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:43:10", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4060 advisory.\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. (CVE-2019-16994)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. (CVE-2019-20095)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. (CVE-2019-19767)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. (CVE-2020-10690)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. (CVE-2019-19807)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. (CVE-2019-19063)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. (CVE-2020-10742)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. (CVE-2020-12826)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2020-4060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-12614", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20636", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14305", "CVE-2020-1749", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-4060.NASL", "href": "https://www.tenable.com/plugins/nessus/180975", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4060.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180975);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2018-20836\",\n \"CVE-2019-9454\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15217\",\n \"CVE-2019-15807\",\n \"CVE-2019-15917\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-16994\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19055\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2019-19767\",\n \"CVE-2019-19807\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\",\n \"CVE-2019-20636\",\n \"CVE-2020-1749\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-10690\",\n \"CVE-2020-10732\",\n \"CVE-2020-10742\",\n \"CVE-2020-10751\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14305\"\n );\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2020-4060)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4060 advisory.\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout()\n and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an\n out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when\n register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka\n CID-07f12b26e21a. (CVE-2019-16994)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has\n some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will\n cause a memory leak and denial of service. (CVE-2019-20095)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest\n when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family\n field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to\n a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it,\n aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN\n and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't\n correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would\n allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this\n vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors\n in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka\n CID-4ea99936a163. (CVE-2019-19767)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device\n file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed,\n it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the\n inode. (CVE-2020-10690)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code\n refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The\n timeri variable was originally intended to be for a newly created timer instance, but was used for a\n different purpose after refactoring. (CVE-2019-19807)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list\n in fs/ext4/super.c. (CVE-2019-19447)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the\n Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka\n CID-3f9361695113. (CVE-2019-19063)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of\n this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or\n dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS\n client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause\n a kernel panic. The highest threat from this vulnerability is to data confidentiality and system\n availability. (CVE-2020-10742)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of\n this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a\n do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in\n a different security domain. Exploitation limitations include the amount of elapsed time before an integer\n overflow occurs, and the lack of scenarios where signals to a parent process present a substantial\n operational threat. (CVE-2020-12826)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection\n tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote\n user to crash the system, causing a denial of service. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4060.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-4060');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-abi-whitelists-3.10.0-1160.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'bpftool-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:13", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4060 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614)\n\n - kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver (CVE-2019-15217)\n\n - kernel: Memory leak in drivers/scsi/libsas/sas_expander.c (CVE-2019-15807)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS (CVE-2019-19055)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (CVE-2019-19530)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic (CVE-2020-10742)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: memory corruption in Voice over IP nf_conntrack_h323 module (CVE-2020-14305)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\n - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:4060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-12614", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20636", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14305", "CVE-2020-1749", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-4060.NASL", "href": "https://www.tenable.com/plugins/nessus/141057", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4060. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141057);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2018-20836\",\n \"CVE-2019-9454\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15217\",\n \"CVE-2019-15807\",\n \"CVE-2019-15917\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-16994\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19055\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2019-19767\",\n \"CVE-2019-19807\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\",\n \"CVE-2019-20636\",\n \"CVE-2020-1749\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-10690\",\n \"CVE-2020-10732\",\n \"CVE-2020-10742\",\n \"CVE-2020-10751\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14305\"\n );\n script_bugtraq_id(108196, 108550);\n script_xref(name:\"RHSA\", value:\"2020:4060\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:4060)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4060 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c\n leads to use-after-free (CVE-2018-20836)\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c\n causing denial of service (CVE-2019-12614)\n\n - kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver (CVE-2019-15217)\n\n - kernel: Memory leak in drivers/scsi/libsas/sas_expander.c (CVE-2019-15807)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS\n (CVE-2019-19055)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c\n allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c\n allow for a DoS (CVE-2019-19063)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n (CVE-2019-19523)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver\n (CVE-2019-19530)\n\n - kernel: information leak bug caused by a malicious USB device in the\n drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer\n (CVE-2019-19537)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open\n (CVE-2020-10690)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic\n (CVE-2020-10742)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: memory corruption in Voice over IP nf_conntrack_h323 module (CVE-2020-14305)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n (CVE-2020-8649)\n\n - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1718176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1745528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1747216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1805135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1809833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1810685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1818818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835127\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1839634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1850716\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94, 119, 121, 125, 200, 250, 319, 349, 362, 400, 401, 416, 476, 772, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-18551', 'CVE-2018-20836', 'CVE-2019-9454', 'CVE-2019-9458', 'CVE-2019-12614', 'CVE-2019-15217', 'CVE-2019-15807', 'CVE-2019-15917', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-16994', 'CVE-2019-17053', 'CVE-2019-17055', 'CVE-2019-18808', 'CVE-2019-19046', 'CVE-2019-19055', 'CVE-2019-19058', 'CVE-2019-19059', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19523', 'CVE-2019-19524', 'CVE-2019-19530', 'CVE-2019-19534', 'CVE-2019-19537', 'CVE-2019-19767', 'CVE-2019-19807', 'CVE-2019-20054', 'CVE-2019-20095', 'CVE-2019-20636', 'CVE-2020-1749', 'CVE-2020-2732', 'CVE-2020-8647', 'CVE-2020-8649', 'CVE-2020-9383', 'CVE-2020-10690', 'CVE-2020-10732', 'CVE-2020-10742', 'CVE-2020-10751', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14305');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:4060');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:51", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4060 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614)\n\n - kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver (CVE-2019-15217)\n\n - kernel: Memory leak in drivers/scsi/libsas/sas_expander.c (CVE-2019-15807)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS (CVE-2019-19055)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (CVE-2019-19530)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic (CVE-2020-10742)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: memory corruption in Voice over IP nf_conntrack_h323 module (CVE-2020-14305)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\n - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2020:4060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-12614", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20636", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14305", "CVE-2020-1749", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-4060.NASL", "href": "https://www.tenable.com/plugins/nessus/141619", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4060 and\n# CentOS Errata and Security Advisory 2020:4060 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141619);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2018-20836\",\n \"CVE-2019-9454\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15217\",\n \"CVE-2019-15807\",\n \"CVE-2019-15917\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-16994\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19055\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2019-19767\",\n \"CVE-2019-19807\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\",\n \"CVE-2019-20636\",\n \"CVE-2020-1749\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-10690\",\n \"CVE-2020-10732\",\n \"CVE-2020-10742\",\n \"CVE-2020-10751\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14305\"\n );\n script_bugtraq_id(108196, 108550);\n script_xref(name:\"RHSA\", value:\"2020:4060\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2020:4060)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4060 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c\n leads to use-after-free (CVE-2018-20836)\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c\n causing denial of service (CVE-2019-12614)\n\n - kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver (CVE-2019-15217)\n\n - kernel: Memory leak in drivers/scsi/libsas/sas_expander.c (CVE-2019-15807)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS\n (CVE-2019-19055)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c\n allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c\n allow for a DoS (CVE-2019-19063)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n (CVE-2019-19523)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver\n (CVE-2019-19530)\n\n - kernel: information leak bug caused by a malicious USB device in the\n drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer\n (CVE-2019-19537)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open\n (CVE-2020-10690)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic\n (CVE-2020-10742)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: memory corruption in Voice over IP nf_conntrack_h323 module (CVE-2020-14305)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n (CVE-2020-8649)\n\n - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012745.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c5e7544c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/94.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/349.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/362.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/401.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 94, 119, 121, 125, 200, 250, 319, 349, 362, 400, 401, 416, 476, 772, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.el7', 'release':'CentOS-7'},\n {'reference':'kernel-debug-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-debug-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-headers-3.10.0-1160.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'kernel-headers-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-tools-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-tools-libs-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'perf-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'python-perf-3.10.0-1160.el7', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:10", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2854 advisory.\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\n - Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption (CVE-2020-8834)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2020:2854)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16884", "CVE-2019-11811", "CVE-2019-15917", "CVE-2019-18808", "CVE-2019-19062", "CVE-2019-19767", "CVE-2019-20636", "CVE-2019-9458", "CVE-2020-10720", "CVE-2020-11565", "CVE-2020-12888", "CVE-2020-8834"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-2854.NASL", "href": "https://www.tenable.com/plugins/nessus/143086", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2854. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143086);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-16884\",\n \"CVE-2019-9458\",\n \"CVE-2019-11811\",\n \"CVE-2019-15917\",\n \"CVE-2019-18808\",\n \"CVE-2019-19062\",\n \"CVE-2019-19767\",\n \"CVE-2019-20636\",\n \"CVE-2020-8834\",\n \"CVE-2020-10720\",\n \"CVE-2020-11565\",\n \"CVE-2020-12888\"\n );\n script_bugtraq_id(106253, 108410);\n script_xref(name:\"RHSA\", value:\"2020:2854\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2020:2854)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2854 advisory.\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c\n (CVE-2019-11811)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\n - Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption\n (CVE-2020-8834)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1660375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1836244\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-20636\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 248, 362, 400, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-16884', 'CVE-2019-9458', 'CVE-2019-11811', 'CVE-2019-15917', 'CVE-2019-18808', 'CVE-2019-19062', 'CVE-2019-19767', 'CVE-2019-20636', 'CVE-2020-8834', 'CVE-2020-10720', 'CVE-2020-11565', 'CVE-2020-12888');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:2854');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.14.0-115.26.1.el7a', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.0-115.26.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:53", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15217", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19062", "CVE-2019-19332", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-9458", "CVE-2020-11565", "CVE-2020-14331", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2022-05-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/149336", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0025. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149336);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-9458\",\n \"CVE-2019-15217\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18808\",\n \"CVE-2019-19062\",\n \"CVE-2019-19332\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-11565\",\n \"CVE-2020-14331\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0025)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest\n when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to\n a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it,\n aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0025\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14331\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9383\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-core-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:36:41", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. (CVE-2019-19807)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. (CVE-2020-10742)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2021-0169)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2019-15917", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19332", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19807", "CVE-2019-20636", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-11565", "CVE-2020-12770", "CVE-2020-14305", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:bpftool", "p-cpe:/a:zte:cgsl_core:kernel", "p-cpe:/a:zte:cgsl_core:kernel-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-devel", "p-cpe:/a:zte:cgsl_core:kernel-debug-modules", "p-cpe:/a:zte:cgsl_core:kernel-devel", "p-cpe:/a:zte:cgsl_core:kernel-headers", "p-cpe:/a:zte:cgsl_core:kernel-modules", "p-cpe:/a:zte:cgsl_core:kernel-tools", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_core:perf", "p-cpe:/a:zte:cgsl_core:python-perf", "p-cpe:/a:zte:cgsl_main:bpftool", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:python-perf", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0169_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/154525", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0169. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154525);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2019-9454\",\n \"CVE-2019-9458\",\n \"CVE-2019-15917\",\n \"CVE-2019-17055\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19055\",\n \"CVE-2019-19332\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2019-19807\",\n \"CVE-2019-20636\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-10732\",\n \"CVE-2020-10742\",\n \"CVE-2020-10751\",\n \"CVE-2020-11565\",\n \"CVE-2020-12770\",\n \"CVE-2020-14305\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2021-0169)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an\n out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of\n this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of\n this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code\n refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The\n timeri variable was originally intended to be for a newly created timer instance, but was used for a\n different purpose after refactoring. (CVE-2019-19807)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS\n client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause\n a kernel panic. The highest threat from this vulnerability is to data confidentiality and system\n availability. (CVE-2020-10742)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection\n tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote\n user to crash the system, causing a denial of service. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest\n when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to\n a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it,\n aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0169\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-15917\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-17055\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19055\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19332\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19523\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19524\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19530\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19534\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19537\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19807\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-9454\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-9458\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-10732\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-10742\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-10751\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11565\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14305\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25212\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-2732\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-8647\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-8649\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-9383\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'bpftool-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-core-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'perf-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite',\n 'python-perf-3.10.0-957.27.2.el7.cgslv5_5.19.275.ge2a4ecc.lite'\n ],\n 'CGSL MAIN 5.05': [\n 'bpftool-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'kernel-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'perf-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e',\n 'python-perf-3.10.0-957.27.2.el7.cgslv5_5.20.312.gc682c7e'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:35", "description": "This update for the Linux Kernel 4.4.180-94_113 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).\n\nCVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).\n\nCVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).\n\nCVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).\n\nCVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869).\n\nCVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2498-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14895", "CVE-2019-16746", "CVE-2019-19447", "CVE-2019-9458", "CVE-2020-11668", "CVE-2020-14331"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_113-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_113-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2498-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140382", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2498-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140382);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2019-14895\", \"CVE-2019-16746\", \"CVE-2019-19447\", \"CVE-2019-9458\", \"CVE-2020-11668\", \"CVE-2020-14331\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2498-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.180-94_113 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-14331: Fixed a buffer over-write in vgacon_scroll\n(bsc#1174247).\n\nCVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c\n(bsc#1173659).\n\nCVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).\n\nCVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera\nUSB driver (bsc#1173942).\n\nCVE-2019-19447: Fixed a use-after-free in ext4_put_super\n(bsc#1173869).\n\nCVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi\ndriver (bsc#1173100).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19447/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11668/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14331/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202498-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3bb8f384\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2498=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2498=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16746\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_113-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_113-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_113-default-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_113-default-debuginfo-6-2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:54", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5656 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-22T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:5656)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-19046", "CVE-2019-19447", "CVE-2019-20636", "CVE-2019-9454", "CVE-2020-12770"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-5656.NASL", "href": "https://www.tenable.com/plugins/nessus/144554", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5656. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144554);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2017-18551\",\n \"CVE-2018-20836\",\n \"CVE-2019-9454\",\n \"CVE-2019-19046\",\n \"CVE-2019-19447\",\n \"CVE-2019-20636\",\n \"CVE-2020-12770\"\n );\n script_bugtraq_id(108196);\n script_xref(name:\"RHSA\", value:\"2020:5656\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:5656)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5656 advisory.\n\n - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c\n (CVE-2017-18551)\n\n - kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c\n leads to use-after-free (CVE-2018-20836)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1818818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 362, 400, 401, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-18551', 'CVE-2018-20836', 'CVE-2019-9454', 'CVE-2019-19046', 'CVE-2019-19447', 'CVE-2019-20636', 'CVE-2020-12770');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:5656');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.65.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.65.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:07:40", "description": "This update for the Linux Kernel 4.4.121-92_125 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).\n\nCVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).\n\nCVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).\n\nCVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).\n\nCVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869).\n\nCVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661).\n\nCVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2492-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14895", "CVE-2019-14901", "CVE-2019-16746", "CVE-2019-19447", "CVE-2019-9458", "CVE-2020-11668", "CVE-2020-14331"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_125-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2492-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140380", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2492-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140380);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2019-14895\", \"CVE-2019-14901\", \"CVE-2019-16746\", \"CVE-2019-19447\", \"CVE-2019-9458\", \"CVE-2020-11668\", \"CVE-2020-14331\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2492-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.121-92_125 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-14331: Fixed a buffer over-write in vgacon_scroll\n(bsc#1174247).\n\nCVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c\n(bsc#1173659).\n\nCVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).\n\nCVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera\nUSB driver (bsc#1173942).\n\nCVE-2019-19447: Fixed a use-after-free in ext4_put_super\n(bsc#1173869).\n\nCVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver\n(bsc#1173661).\n\nCVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi\ndriver (bsc#1173100).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14901/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19447/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11668/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14331/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202492-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c621558a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2492=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2492=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_125-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_125-default-7-2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:24:34", "description": "New kernel packages are available for Slackware 14.2 to fix security issues.", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "nessus", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-008-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12614", "CVE-2019-15291", "CVE-2019-15917", "CVE-2019-18660", "CVE-2019-18683", "CVE-2019-19057", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19227", "CVE-2019-19332", "CVE-2019-19338", "CVE-2019-19524"], "modified": "2020-02-28T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2020-008-01.NASL", "href": "https://www.tenable.com/plugins/nessus/132741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-008-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132741);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/28\");\n\n script_cve_id(\"CVE-2019-12614\", \"CVE-2019-15291\", \"CVE-2019-15917\", \"CVE-2019-18660\", \"CVE-2019-18683\", \"CVE-2019-19057\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19227\", \"CVE-2019-19332\", \"CVE-2019-19338\", \"CVE-2019-19524\");\n script_xref(name:\"SSA\", value:\"2020-008-01\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-008-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kernel packages are available for Slackware 14.2 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.705204\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?771b541a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18683\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.208\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.208_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.208_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.208\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.208_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.208\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.208_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.208_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.208\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.208\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.208\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.208\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.208\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T00:33:36", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4332 advisory.\n\n - kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)\n\n - kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-23T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2020:4332)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14385", "CVE-2020-14386"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_0_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_0_3", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_13_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_20_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_24_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_27_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_3_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_5_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_8_1"], "id": "REDHAT-RHSA-2020-4332.NASL", "href": "https://www.tenable.com/plugins/nessus/170325", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4332. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170325);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2020-14385\", \"CVE-2020-14386\");\n script_xref(name:\"RHSA\", value:\"2020:4332\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2020:4332)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4332 advisory.\n\n - kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be\n flagged as corrupt (CVE-2020-14385)\n\n - kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1874800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1875699\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(131, 250, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_0_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_0_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_13_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_20_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_24_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_27_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_3_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_8_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-147.el8.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147-1-18.el8', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.el8.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147-1-18.el8', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.0.2.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_0_2-1-14.el8', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.0.2.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_0_2-1-14.el8', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.0.3.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_0_3-1-14.el8', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.0.3.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_0_3-1-14.el8', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.13.2.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_13_2-1-5.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.13.2.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_13_2-1-5.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.20.1.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_20_1-1-4.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.20.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_20_1-1-4.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.24.2.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_24_2-1-2.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.24.2.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_24_2-1-2.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.27.1.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_27_1-1-2.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.27.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_27_1-1-2.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.3.1.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_3_1-1-14.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.3.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_3_1-1-14.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.5.1.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_5_1-1-9.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.5.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_5_1-1-9.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.8.1.el8_1.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_8_1-1-7.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.8.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_8_1-1-7.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-147 / kpatch-patch-4_18_0-147_0_2 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:45:17", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4286 advisory.\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-14386)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. (CVE-2020-12352)\n\n - Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (CVE-2020-12351)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2020-4286)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14331", "CVE-2020-14385", "CVE-2020-14386"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool"], "id": "ORACLELINUX_ELSA-2020-4286.NASL", "href": "https://www.tenable.com/plugins/nessus/141777", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4286.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141777);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14331\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2020-4286)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4286 advisory.\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest threat from this vulnerability is to data\n confidentiality and integrity. (CVE-2020-14386)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2020-12352)\n\n - Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of\n privilege via adjacent access. (CVE-2020-12351)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4286.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14386\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, '