{"id": "ELSA-2022-7683", "vendorId": null, "type": "oraclelinux", "bulletinFamily": "unix", "title": "kernel security, bug fix, and enhancement update", "description": "[4.18.0-425.3.1.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3\n- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]\n[4.18.0-425.3.1]\n- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2129297]\n- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2119638]\n- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2119638]\n- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2047366]\n- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2047366]\n- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2047366]\n- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2047366]\n- netfilter: conntrack: remove pr_debug callsites from tcp tracker (Florian Westphal) [2047366]\n- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2047366]\n- netfilter: conntrack: improve RST handling when tuple is re-used (Florian Westphal) [2047366]\n- netfilter: conntrack: avoid misleading invalid in log message (Florian Westphal) [2047366]\n- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2047366]\n- iavf: Detach device during reset task (Petr Oros) [2069206]\n[4.18.0-425.2.1]\n- EDAC/ghes: Set the DIMM label unconditionally (Aristeu Rozanski) [2109712]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2123508]\n[4.18.0-425.1.1]\n- i40e: Fix kernel crash during module removal (Ivan Vecera) [2091489]\n- redhat: enable zstream release numbering for rhel 8.7 (Jarod Wilson)\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2102844]\n[4.18.0-425]\n- EDAC/amd64: Add new register offset support and related changes (Aristeu Rozanski) [2048792]\n- EDAC/amd64: Set memory type per DIMM (Aristeu Rozanski) [2048792]\n- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120545]\n- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120545]\n- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2118755]\n[4.18.0-424]\n- redhat: configs: add CONFIG_SERIAL_MULTI_INSTANTIATE=m for x86_64 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Add CLSA0101 Laptop Support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Sort ACPI IDs by HID (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Get rid of redundant else (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Use while (i--) pattern to clean up (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve dev_err_probe() messaging (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Drop duplicate check (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve autodetection (Jaroslav Kysela) [2005073]\n- ACPI / scan: Create platform device for CS35L41 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add SPI support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Reorganize I2C functions (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use the new i2c_acpi_client_count() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use device_get_match_data() to get driver data (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Simplify with dev_err_probe() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Drop redundant ACPI_PTR() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Replace zero-length array with flexible-array member (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Derive the device name from parent (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use struct_size() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Allow to have same slaves (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Introduce IOAPIC IRQ support (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Distinguish IRQ resource type (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Count I2cSerialBus() resources (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Get rid of obsolete conditional (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Defer probe when no adapter found (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Accept errors of i2c_acpi_new_device() (Jaroslav Kysela) [2005073]\n- serdev: Fix detection of UART devices on Apple machines. (Jaroslav Kysela) [2005073]\n- serdev: Add ACPI devices by ResourceSource field (Jaroslav Kysela) [2005073]\n- spi: Return deferred probe error when controller isnt yet available (Jaroslav Kysela) [2005073]\n- spi/acpi: avoid spurious matches during slave enumeration (Jaroslav Kysela) [2005073]\n- spi: Add API to count spi acpi resources (Jaroslav Kysela) [2005073]\n- spi: Support selection of the index of the ACPI Spi Resource before alloc (Jaroslav Kysela) [2005073]\n- ACPI: Test for ACPI_SUCCESS rather than !ACPI_FAILURE (Jaroslav Kysela) [2005073]\n- spi/acpi: fix incorrect ACPI parent check (Jaroslav Kysela) [2005073]\n- spi: Create helper API to lookup ACPI info for spi device (Jaroslav Kysela) [2005073]\n- spi/acpi: enumerate all SPI slaves in the namespace (Jaroslav Kysela) [2005073]\n- spi: kill useless initializer in spi_register_controller() (Jaroslav Kysela) [2005073]\n- spi: fix ctrl->num_chipselect constraint (Jaroslav Kysela) [2005073]\n- spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073]\n- spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073]\n- spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073]\n- spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073]\n- spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073]\n- spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073]\n- spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073]\n- spi: Reduce kthread priority (Jaroslav Kysela) [2005073]\n- spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073]\n- i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098]\n- nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769]\n- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373}\n- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373}\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080]\n- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080]\n- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080]\n- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080]\n- iavf: Fix reset error handling (Petr Oros) [2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2119759]\n- iavf: Fix missing state logs (Petr Oros) [2119759]\n- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613]\n[4.18.0-423]\n- netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526]\n- net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440]\n- net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440]\n- net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440]\n- net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440]\n- net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440]\n- Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440]\n- net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440]\n- net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440]\n- net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440]\n- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440]\n- net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440]\n- net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440]\n- net/mlx5: fix typo in comment (Amir Tzin) [2049440]\n- IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440]\n- net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440]\n- net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440]\n- net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440]\n- net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440]\n- net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440]\n- net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440]\n- net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440]\n- net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440]\n- net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440]\n- net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440]\n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440]\n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440]\n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440]\n- RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440]\n- RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440]\n- net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440]\n- net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440]\n- net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440]\n- net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440]\n- net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440]\n- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440]\n- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440]\n- net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440]\n- net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440]\n- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440]\n- net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440]\n- net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440]\n- net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440]\n- net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440]\n- net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440]\n- net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440]\n- net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440]\n- net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440]\n- net/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440]\n- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440]\n- net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440]\n- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440]\n- net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440]\n- net/mlx5: Add pages debugfs (Amir Tzin) [2049440]\n- net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440]\n- net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440]\n- net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440]\n- net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440]\n- mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440]\n- net/mlx5: Add migration commands definitions (Amir Tzin) [2049440]\n- net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440]\n- net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440]\n- net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440]\n- net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440]\n- net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440]\n- net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440]\n- RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440]\n- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440]\n- net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440]\n- net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440]\n- net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440]\n- net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440]\n- net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440]\n- net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440]\n- net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580]\n- net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580]\n- net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440]\n- mlx5: remove unused static inlines (Amir Tzin) [2049440]\n- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440]\n- RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440]\n- RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440]\n- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440]\n- net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440]\n- net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440]\n- net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440]\n- net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440]\n- net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440]\n- net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440]\n- net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440]\n- net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440]\n- net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440]\n- net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440]\n- net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440]\n- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440]\n- net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440]\n- net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440]\n- net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440]\n- net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440]\n- net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440]\n- net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440]\n- net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616]\n- net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616]\n- net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440]\n- net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588}\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946}\n- net: let flow have same hash in two directions (Ivan Vecera) [2111094]\n- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094]\n- net: Add notifications when multipath hash field change (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094]\n- ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use a more suitable label name (Ivan Vecera) [2111094]\n- ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094]\n- selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094]\n- ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094]\n- selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094]\n- ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094]\n- ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094]\n- net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094]\n- route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094]\n[4.18.0-422]\n- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647]\n- rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900]\n- redhat: add ca7 to redhat/git/files (Jarod Wilson)", "published": "2022-11-15T00:00:00", "modified": "2022-11-15T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "http://linux.oracle.com/errata/ELSA-2022-7683.html", "reporter": "OracleLinux", "references": [], "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "immutableFields": [], "lastseen": "2022-11-15T15:26:06", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:7683"]}, {"type": "altlinux", "idList": ["3389D346758499949D2E8B5AA776BFA2", "69D1753D74C2782AF5C4B3E24536D125"]}, {"type": "amazon", "idList": ["ALAS-2022-1571", "ALAS-2022-1577", "ALAS-2022-1591", "ALAS-2022-1604", "ALAS-2022-1636", "ALAS2-2021-1727", "ALAS2-2022-1761", "ALAS2-2022-1768", "ALAS2-2022-1793", "ALAS2-2022-1798", "ALAS2-2022-1813", "ALAS2-2022-1838", "ALAS2-2022-1852"]}, {"type": "avleonov", "idList": ["AVLEONOV:75C789BDAA68C1C2CEC0F20F1D138B01"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0538F4CFFE2DC3D3EAD148EB582C7732", "CFOUNDRY:2CDD25366BE0641E458C6D26C93FAFCB", "CFOUNDRY:BD43D191F1913B0416A737C28EAC643D", "CFOUNDRY:DBB07350F947C0F70F7FE502A4A24A35", "CFOUNDRY:E504C95A1FDEC99C8FA5C726FB6DEA76", "CFOUNDRY:FD7245C3742F24986DE3C2791BDAC899"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1650377026", "CLSA-2022:1650377052"]}, {"type": "cnvd", "idList": ["CNVD-2022-17770", "CNVD-2022-55071", "CNVD-2022-68615", "CNVD-2022-69196"]}, {"type": "cve", "idList": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-1972", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2940-1:FB71D", "DEBIAN:DLA-2941-1:96084", "DEBIAN:DLA-3065-1:C1710", "DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3131-1:083C4", "DEBIAN:DLA-3173-1:82909", "DEBIAN:DSA-5092-1:463D4", "DEBIAN:DSA-5095-1:31FF6", "DEBIAN:DSA-5096-1:B47F5", "DEBIAN:DSA-5127-1:B6959", "DEBIAN:DSA-5161-1:2800F", "DEBIAN:DSA-5173-1:5A28E", "DEBIAN:DSA-5207-1:0D465", "DEBIAN:DSA-5257-1:DB743"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-36516", "DEBIANCVE:CVE-2020-36558", "DEBIANCVE:CVE-2021-30002", "DEBIANCVE:CVE-2021-3640", "DEBIANCVE:CVE-2022-0168", "DEBIANCVE:CVE-2022-0617", "DEBIANCVE:CVE-2022-0854", "DEBIANCVE:CVE-2022-1016", "DEBIANCVE:CVE-2022-1048", "DEBIANCVE:CVE-2022-1055", "DEBIANCVE:CVE-2022-1184", "DEBIANCVE:CVE-2022-1852", "DEBIANCVE:CVE-2022-20368", "DEBIANCVE:CVE-2022-2078", "DEBIANCVE:CVE-2022-21499", "DEBIANCVE:CVE-2022-23960", "DEBIANCVE:CVE-2022-24448", "DEBIANCVE:CVE-2022-2586", "DEBIANCVE:CVE-2022-26373", "DEBIANCVE:CVE-2022-2639", "DEBIANCVE:CVE-2022-27950", "DEBIANCVE:CVE-2022-28390", "DEBIANCVE:CVE-2022-28893", "DEBIANCVE:CVE-2022-2938", "DEBIANCVE:CVE-2022-29581", "DEBIANCVE:CVE-2022-36946"]}, {"type": "f5", "idList": ["F5:K45164470", "F5:K52259753"]}, {"type": "fedora", "idList": ["FEDORA:11BA63093F7B", "FEDORA:23A0030AD936", "FEDORA:27893317B3E2", "FEDORA:5D5BA3025879", "FEDORA:73F80317D954", "FEDORA:791D3304C27B", "FEDORA:8904F30B95E5", "FEDORA:A4846305797B", "FEDORA:CFF3C30B73E9"]}, {"type": "githubexploit", "idList": ["1EF67F84-0CA0-5928-AE63-14B72E0B13B0", "58D56E09-E266-52D1-8E6F-749551BEC175", "59D4903F-B387-50CB-AC2C-B34EB1920BF5", "AC8391C6-9C7C-562A-A523-E925BC4005C3", "B5E6CCAE-6F85-50D3-A016-7CA8BDF4385C", "B8B06A12-C7E0-50A2-8B97-C96DEC77EEB8", "C38E0645-3DE1-5134-94E3-00DFE9B99A88", "D5706C20-994B-524A-8C43-838B970CD47C", "D632E896-5824-5634-95FB-A564581718DA", "DC3905DC-182D-514C-A689-6B8E9D2771E0"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00706"]}, {"type": "kaspersky", "idList": ["KLA19245"]}, {"type": "mageia", "idList": ["MGASA-2021-0418", "MGASA-2022-0062", "MGASA-2022-0063", "MGASA-2022-0100", "MGASA-2022-0101", "MGASA-2022-0121", "MGASA-2022-0122", "MGASA-2022-0154", "MGASA-2022-0155", "MGASA-2022-0194", "MGASA-2022-0195", "MGASA-2022-0212", "MGASA-2022-0213", "MGASA-2022-0229", "MGASA-2022-0230", "MGASA-2022-0278", "MGASA-2022-0305", "MGASA-2022-0308"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:8FF6ADCDE71AD78C1537280203BB4A22"]}, {"type": "mscve", "idList": ["MS:CVE-2022-23960"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-039.NASL", "AL2022_ALAS2022-2022-042.NASL", "AL2022_ALAS2022-2022-083.NASL", "AL2022_ALAS2022-2022-114.NASL", "AL2022_ALAS2022-2022-127.NASL", "AL2022_ALAS2022-2022-150.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2_ALAS-2021-1727.NASL", "AL2_ALAS-2022-1761.NASL", "AL2_ALAS-2022-1768.NASL", "AL2_ALAS-2022-1793.NASL", "AL2_ALAS-2022-1798.NASL", "AL2_ALAS-2022-1813.NASL", "AL2_ALAS-2022-1838.NASL", "AL2_ALAS-2022-1852.NASL", "AL2_ALASKERNEL-5_10-2022-011.NASL", "AL2_ALASKERNEL-5_10-2022-012.NASL", "AL2_ALASKERNEL-5_10-2022-013.NASL", "AL2_ALASKERNEL-5_10-2022-014.NASL", "AL2_ALASKERNEL-5_10-2022-015.NASL", "AL2_ALASKERNEL-5_10-2022-016.NASL", "AL2_ALASKERNEL-5_10-2022-017.NASL", "AL2_ALASKERNEL-5_10-2022-019.NASL", "AL2_ALASKERNEL-5_10-2022-020.NASL", "AL2_ALASKERNEL-5_15-2022-001.NASL", "AL2_ALASKERNEL-5_15-2022-002.NASL", "AL2_ALASKERNEL-5_15-2022-003.NASL", "AL2_ALASKERNEL-5_15-2022-004.NASL", "AL2_ALASKERNEL-5_15-2022-006.NASL", "AL2_ALASKERNEL-5_15-2022-007.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_4-2022-023.NASL", "AL2_ALASKERNEL-5_4-2022-024.NASL", "AL2_ALASKERNEL-5_4-2022-026.NASL", "AL2_ALASKERNEL-5_4-2022-028.NASL", "AL2_ALASKERNEL-5_4-2022-030.NASL", "AL2_ALASKERNEL-5_4-2022-032.NASL", "AL2_ALASKERNEL-5_4-2022-034.NASL", "AL2_ALASKERNEL-5_4-2022-035.NASL", "AL2_ALASKERNEL-5_4-2022-036.NASL", "ALA_ALAS-2022-1571.NASL", "ALA_ALAS-2022-1577.NASL", "ALA_ALAS-2022-1591.NASL", "ALA_ALAS-2022-1604.NASL", "ALA_ALAS-2022-1636.NASL", "ALMA_LINUX_ALSA-2022-7444.NASL", "ALMA_LINUX_ALSA-2022-7683.NASL", "DEBIAN_DLA-2689.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3131.NASL", "DEBIAN_DLA-3173.NASL", "DEBIAN_DSA-5092.NASL", "DEBIAN_DSA-5095.NASL", "DEBIAN_DSA-5096.NASL", "DEBIAN_DSA-5127.NASL", "DEBIAN_DSA-5161.NASL", "DEBIAN_DSA-5173.NASL", "DEBIAN_DSA-5207.NASL", "DEBIAN_DSA-5257.NASL", "EULEROS_SA-2021-1967.NASL", "EULEROS_SA-2021-1971.NASL", "EULEROS_SA-2021-1983.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2021-2051.NASL", "EULEROS_SA-2021-2062.NASL", "EULEROS_SA-2021-2075.NASL", "EULEROS_SA-2021-2221.NASL", "EULEROS_SA-2021-2392.NASL", "EULEROS_SA-2021-2857.NASL", "EULEROS_SA-2022-1366.NASL", "EULEROS_SA-2022-1537.NASL", "EULEROS_SA-2022-1647.NASL", "EULEROS_SA-2022-1661.NASL", "EULEROS_SA-2022-1681.NASL", "EULEROS_SA-2022-1735.NASL", "EULEROS_SA-2022-1779.NASL", "EULEROS_SA-2022-1781.NASL", "EULEROS_SA-2022-1791.NASL", "EULEROS_SA-2022-1817.NASL", "EULEROS_SA-2022-1829.NASL", "EULEROS_SA-2022-1844.NASL", "EULEROS_SA-2022-1868.NASL", "EULEROS_SA-2022-1896.NASL", "EULEROS_SA-2022-1934.NASL", "EULEROS_SA-2022-1969.NASL", "EULEROS_SA-2022-1999.NASL", "EULEROS_SA-2022-2026.NASL", "EULEROS_SA-2022-2054.NASL", "EULEROS_SA-2022-2075.NASL", "EULEROS_SA-2022-2081.NASL", "EULEROS_SA-2022-2090.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2134.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2181.NASL", "EULEROS_SA-2022-2200.NASL", "EULEROS_SA-2022-2225.NASL", "EULEROS_SA-2022-2244.NASL", "EULEROS_SA-2022-2257.NASL", "EULEROS_SA-2022-2273.NASL", "EULEROS_SA-2022-2292.NASL", "EULEROS_SA-2022-2348.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2441.NASL", "EULEROS_SA-2022-2466.NASL", "EULEROS_SA-2022-2566.NASL", "EULEROS_SA-2022-2619.NASL", "EULEROS_SA-2022-2654.NASL", "EULEROS_SA-2022-2686.NASL", "EULEROS_SA-2022-2712.NASL", "EULEROS_SA-2022-2732.NASL", "EULEROS_SA-2022-2767.NASL", "NEWSTART_CGSL_NS-SA-2022-0076_OPENSSL.NASL", "OPENSUSE-2021-1271.NASL", "OPENSUSE-2021-1975.NASL", "OPENSUSE-2021-1977.NASL", "OPENSUSE-2021-3179.NASL", "OPENSUSE-2021-3205.NASL", "OPENSUSE-2021-3876.NASL", "OPENSUSE-2021-579.NASL", "OPENSUSE-2021-758.NASL", "OPENSUSE-2022-0056-1.NASL", "OPENSUSE-2022-0131-1.NASL", "OPENSUSE-2022-0366-1.NASL", "OPENSUSE-2022-0768-1.NASL", "OPENSUSE-2022-1037-1.NASL", "OPENSUSE-2022-1039-1.NASL", "ORACLELINUX_ELSA-2022-5232.NASL", "ORACLELINUX_ELSA-2022-6003.NASL", "ORACLELINUX_ELSA-2022-6610.NASL", "ORACLELINUX_ELSA-2022-7337.NASL", "ORACLELINUX_ELSA-2022-9147.NASL", "ORACLELINUX_ELSA-2022-9148.NASL", "ORACLELINUX_ELSA-2022-9244.NASL", "ORACLELINUX_ELSA-2022-9245.NASL", "ORACLELINUX_ELSA-2022-9260.NASL", "ORACLELINUX_ELSA-2022-9266.NASL", "ORACLELINUX_ELSA-2022-9267.NASL", "ORACLELINUX_ELSA-2022-9270.NASL", "ORACLELINUX_ELSA-2022-9271.NASL", "ORACLELINUX_ELSA-2022-9273.NASL", "ORACLELINUX_ELSA-2022-9274.NASL", "ORACLELINUX_ELSA-2022-9313.NASL", "ORACLELINUX_ELSA-2022-9314.NASL", "ORACLELINUX_ELSA-2022-9348.NASL", "ORACLELINUX_ELSA-2022-9365.NASL", "ORACLELINUX_ELSA-2022-9368.NASL", "ORACLELINUX_ELSA-2022-9422.NASL", "ORACLELINUX_ELSA-2022-9423.NASL", "ORACLELINUX_ELSA-2022-9425.NASL", "ORACLELINUX_ELSA-2022-9426.NASL", "ORACLELINUX_ELSA-2022-9427.NASL", "ORACLELINUX_ELSA-2022-9442.NASL", "ORACLELINUX_ELSA-2022-9443.NASL", "ORACLELINUX_ELSA-2022-9477.NASL", "ORACLELINUX_ELSA-2022-9478.NASL", "ORACLELINUX_ELSA-2022-9479.NASL", "ORACLELINUX_ELSA-2022-9480.NASL", "ORACLELINUX_ELSA-2022-9495.NASL", "ORACLELINUX_ELSA-2022-9496.NASL", "ORACLELINUX_ELSA-2022-9533.NASL", "ORACLELINUX_ELSA-2022-9534.NASL", "ORACLELINUX_ELSA-2022-9557.NASL", "ORACLELINUX_ELSA-2022-9761.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9828.NASL", "ORACLELINUX_ELSA-2022-9829.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "ORACLELINUX_ELSA-2022-9852.NASL", "ORACLELINUX_ELSA-2022-9870.NASL", "ORACLELINUX_ELSA-2022-9871.NASL", "ORACLELINUX_ELSA-2022-9926.NASL", "ORACLELINUX_ELSA-2022-9927.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLEVM_OVMSA-2022-0011.NASL", "ORACLEVM_OVMSA-2022-0014.NASL", "ORACLEVM_OVMSA-2022-0019.NASL", "ORACLEVM_OVMSA-2022-0024.NASL", "ORACLEVM_OVMSA-2022-0026.NASL", "REDHAT-RHSA-2022-6002.NASL", "REDHAT-RHSA-2022-6003.NASL", "REDHAT-RHSA-2022-6582.NASL", "REDHAT-RHSA-2022-6610.NASL", "REDHAT-RHSA-2022-7337.NASL", "REDHAT-RHSA-2022-7338.NASL", "REDHAT-RHSA-2022-7444.NASL", "REDHAT-RHSA-2022-7683.NASL", "SLACKWARE_SSA_2022-031-01.NASL", "SLACKWARE_SSA_2022-129-01.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SL_20221103_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS22_SEP_5017328.NASL", "SUSE_SU-2021-1210-1.NASL", "SUSE_SU-2021-1211-1.NASL", "SUSE_SU-2021-1238-1.NASL", "SUSE_SU-2021-1248-1.NASL", "SUSE_SU-2021-14724-1.NASL", "SUSE_SU-2021-14849-1.NASL", "SUSE_SU-2021-1573-1.NASL", "SUSE_SU-2021-1596-1.NASL", "SUSE_SU-2021-1617-1.NASL", "SUSE_SU-2021-1623-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL", "SUSE_SU-2021-3177-1.NASL", "SUSE_SU-2021-3178-1.NASL", "SUSE_SU-2021-3179-1.NASL", "SUSE_SU-2021-3192-1.NASL", "SUSE_SU-2021-3205-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3207-1.NASL", "SUSE_SU-2021-3217-1.NASL", "SUSE_SU-2021-3360-1.NASL", "SUSE_SU-2021-3361-1.NASL", "SUSE_SU-2021-3371-1.NASL", "SUSE_SU-2021-3374-1.NASL", "SUSE_SU-2021-3401-1.NASL", "SUSE_SU-2021-3440-1.NASL", "SUSE_SU-2021-3443-1.NASL", "SUSE_SU-2021-3459-1.NASL", "SUSE_SU-2021-3876-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "SUSE_SU-2021-3969-1.NASL", "SUSE_SU-2021-3972-1.NASL", "SUSE_SU-2022-0056-1.NASL", "SUSE_SU-2022-0068-1.NASL", "SUSE_SU-2022-0079-1.NASL", "SUSE_SU-2022-0080-1.NASL", "SUSE_SU-2022-0090-1.NASL", "SUSE_SU-2022-0131-1.NASL", "SUSE_SU-2022-0181-1.NASL", "SUSE_SU-2022-0197-1.NASL", "SUSE_SU-2022-0362-1.NASL", "SUSE_SU-2022-0366-1.NASL", "SUSE_SU-2022-0367-1.NASL", "SUSE_SU-2022-0371-1.NASL", "SUSE_SU-2022-0477-1.NASL", "SUSE_SU-2022-0555-1.NASL", "SUSE_SU-2022-0756-1.NASL", "SUSE_SU-2022-0757-1.NASL", "SUSE_SU-2022-0759-1.NASL", "SUSE_SU-2022-0761-1.NASL", "SUSE_SU-2022-0762-1.NASL", "SUSE_SU-2022-0765-1.NASL", "SUSE_SU-2022-0766-1.NASL", "SUSE_SU-2022-0767-1.NASL", "SUSE_SU-2022-0768-1.NASL", "SUSE_SU-2022-1037-1.NASL", "SUSE_SU-2022-1038-1.NASL", "SUSE_SU-2022-1039-1.NASL", "SUSE_SU-2022-1163-1.NASL", "SUSE_SU-2022-1183-1.NASL", "SUSE_SU-2022-1196-1.NASL", "SUSE_SU-2022-1197-1.NASL", "SUSE_SU-2022-1255-1.NASL", "SUSE_SU-2022-1256-1.NASL", "SUSE_SU-2022-1257-1.NASL", "SUSE_SU-2022-1266-1.NASL", "SUSE_SU-2022-1267-1.NASL", "SUSE_SU-2022-1270-1.NASL", "SUSE_SU-2022-1283-1.NASL", "SUSE_SU-2022-1318-1.NASL", "SUSE_SU-2022-1320-1.NASL", "SUSE_SU-2022-1322-1.NASL", "SUSE_SU-2022-1326-1.NASL", "SUSE_SU-2022-1329-1.NASL", "SUSE_SU-2022-1335-1.NASL", "SUSE_SU-2022-1369-1.NASL", "SUSE_SU-2022-1402-1.NASL", "SUSE_SU-2022-1407-1.NASL", "SUSE_SU-2022-1440-1.NASL", "SUSE_SU-2022-1453-1.NASL", "SUSE_SU-2022-1486-1.NASL", "SUSE_SU-2022-14905-1.NASL", "SUSE_SU-2022-1651-1.NASL", "SUSE_SU-2022-1669-1.NASL", "SUSE_SU-2022-1676-1.NASL", "SUSE_SU-2022-1687-1.NASL", "SUSE_SU-2022-1939-1.NASL", "SUSE_SU-2022-1942-1.NASL", "SUSE_SU-2022-1945-1.NASL", "SUSE_SU-2022-1947-1.NASL", "SUSE_SU-2022-1948-1.NASL", "SUSE_SU-2022-1955-1.NASL", "SUSE_SU-2022-1974-1.NASL", "SUSE_SU-2022-2000-1.NASL", "SUSE_SU-2022-2006-1.NASL", "SUSE_SU-2022-2077-1.NASL", "SUSE_SU-2022-2078-1.NASL", "SUSE_SU-2022-2079-1.NASL", "SUSE_SU-2022-2080-1.NASL", "SUSE_SU-2022-2082-1.NASL", "SUSE_SU-2022-2103-1.NASL", "SUSE_SU-2022-2104-1.NASL", "SUSE_SU-2022-2111-1.NASL", "SUSE_SU-2022-2116-1.NASL", "SUSE_SU-2022-2177-1.NASL", "SUSE_SU-2022-2268-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2438-1.NASL", "SUSE_SU-2022-2444-1.NASL", "SUSE_SU-2022-2446-1.NASL", "SUSE_SU-2022-2461-1.NASL", "SUSE_SU-2022-2482-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "SUSE_SU-2022-2699-1.NASL", "SUSE_SU-2022-2700-1.NASL", "SUSE_SU-2022-2709-1.NASL", "SUSE_SU-2022-2719-1.NASL", "SUSE_SU-2022-2720-1.NASL", "SUSE_SU-2022-2721-1.NASL", "SUSE_SU-2022-2722-1.NASL", "SUSE_SU-2022-2723-1.NASL", "SUSE_SU-2022-2726-1.NASL", "SUSE_SU-2022-2727-1.NASL", "SUSE_SU-2022-2728-1.NASL", "SUSE_SU-2022-2738-1.NASL", "SUSE_SU-2022-2741-1.NASL", "SUSE_SU-2022-2745-1.NASL", "SUSE_SU-2022-2766-1.NASL", "SUSE_SU-2022-2770-1.NASL", "SUSE_SU-2022-2776-1.NASL", "SUSE_SU-2022-2780-1.NASL", "SUSE_SU-2022-2783-1.NASL", "SUSE_SU-2022-2789-1.NASL", "SUSE_SU-2022-2803-1.NASL", "SUSE_SU-2022-2809-1.NASL", "SUSE_SU-2022-2827-1.NASL", "SUSE_SU-2022-2840-1.NASL", "SUSE_SU-2022-2854-1.NASL", "SUSE_SU-2022-2875-1.NASL", "SUSE_SU-2022-2892-1.NASL", "SUSE_SU-2022-2910-1.NASL", "SUSE_SU-2022-3061-1.NASL", "SUSE_SU-2022-3064-1.NASL", "SUSE_SU-2022-3072-1.NASL", "SUSE_SU-2022-3088-1.NASL", "SUSE_SU-2022-3108-1.NASL", "SUSE_SU-2022-3123-1.NASL", "SUSE_SU-2022-3263-1.NASL", "SUSE_SU-2022-3264-1.NASL", "SUSE_SU-2022-3265-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-3282-1.NASL", "SUSE_SU-2022-3288-1.NASL", "SUSE_SU-2022-3291-1.NASL", "SUSE_SU-2022-3293-1.NASL", "SUSE_SU-2022-3294-1.NASL", "SUSE_SU-2022-3350-1.NASL", "SUSE_SU-2022-3359-1.NASL", "SUSE_SU-2022-3366-1.NASL", "SUSE_SU-2022-3368-1.NASL", "SUSE_SU-2022-3369-1.NASL", "SUSE_SU-2022-3370-1.NASL", "SUSE_SU-2022-3377-1.NASL", "SUSE_SU-2022-3407-1.NASL", "SUSE_SU-2022-3408-1.NASL", "SUSE_SU-2022-3412-1.NASL", "SUSE_SU-2022-3422-1.NASL", "SUSE_SU-2022-3432-1.NASL", "SUSE_SU-2022-3433-1.NASL", "SUSE_SU-2022-3445-1.NASL", "SUSE_SU-2022-3450-1.NASL", "SUSE_SU-2022-3463-1.NASL", "SUSE_SU-2022-3464-1.NASL", "SUSE_SU-2022-3465-1.NASL", "SUSE_SU-2022-3476-1.NASL", "SUSE_SU-2022-3585-1.NASL", "SUSE_SU-2022-3609-1.NASL", "SUSE_SU-2022-3704-1.NASL", "SUSE_SU-2022-3775-1.NASL", "SUSE_SU-2022-3809-1.NASL", "SUSE_SU-2022-3844-1.NASL", "UBUNTU_USN-4945-1.NASL", "UBUNTU_USN-4945-2.NASL", "UBUNTU_USN-4946-1.NASL", "UBUNTU_USN-4947-1.NASL", "UBUNTU_USN-4984-1.NASL", "UBUNTU_USN-5265-1.NASL", "UBUNTU_USN-5267-1.NASL", "UBUNTU_USN-5267-3.NASL", "UBUNTU_USN-5268-1.NASL", "UBUNTU_USN-5302-1.NASL", "UBUNTU_USN-5317-1.NASL", "UBUNTU_USN-5318-1.NASL", "UBUNTU_USN-5358-1.NASL", "UBUNTU_USN-5358-2.NASL", "UBUNTU_USN-5362-1.NASL", "UBUNTU_USN-5368-1.NASL", "UBUNTU_USN-5377-1.NASL", "UBUNTU_USN-5381-1.NASL", "UBUNTU_USN-5383-1.NASL", "UBUNTU_USN-5384-1.NASL", "UBUNTU_USN-5385-1.NASL", "UBUNTU_USN-5390-1.NASL", "UBUNTU_USN-5390-2.NASL", "UBUNTU_USN-5413-1.NASL", "UBUNTU_USN-5415-1.NASL", "UBUNTU_USN-5416-1.NASL", "UBUNTU_USN-5442-1.NASL", "UBUNTU_USN-5442-2.NASL", "UBUNTU_USN-5443-1.NASL", "UBUNTU_USN-5443-2.NASL", "UBUNTU_USN-5444-1.NASL", "UBUNTU_USN-5465-1.NASL", "UBUNTU_USN-5466-1.NASL", "UBUNTU_USN-5467-1.NASL", "UBUNTU_USN-5468-1.NASL", "UBUNTU_USN-5469-1.NASL", "UBUNTU_USN-5470-1.NASL", "UBUNTU_USN-5471-1.NASL", "UBUNTU_USN-5529-1.NASL", "UBUNTU_USN-5544-1.NASL", "UBUNTU_USN-5557-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5567-1.NASL", "UBUNTU_USN-5580-1.NASL", "UBUNTU_USN-5582-1.NASL", "UBUNTU_USN-5590-1.NASL", "UBUNTU_USN-5594-1.NASL", "UBUNTU_USN-5599-1.NASL", "UBUNTU_USN-5602-1.NASL", "UBUNTU_USN-5616-1.NASL", "UBUNTU_USN-5621-1.NASL", "UBUNTU_USN-5622-1.NASL", "UBUNTU_USN-5623-1.NASL", "UBUNTU_USN-5624-1.NASL", "UBUNTU_USN-5630-1.NASL", "UBUNTU_USN-5633-1.NASL", "UBUNTU_USN-5634-1.NASL", "UBUNTU_USN-5635-1.NASL", "UBUNTU_USN-5639-1.NASL", "UBUNTU_USN-5640-1.NASL", "UBUNTU_USN-5644-1.NASL", "UBUNTU_USN-5647-1.NASL", "UBUNTU_USN-5648-1.NASL", "UBUNTU_USN-5650-1.NASL", "UBUNTU_USN-5652-1.NASL", "UBUNTU_USN-5654-1.NASL", "UBUNTU_USN-5655-1.NASL", "UBUNTU_USN-5660-1.NASL", "UBUNTU_USN-5667-1.NASL", "UBUNTU_USN-5668-1.NASL", "UBUNTU_USN-5677-1.NASL", "UBUNTU_USN-5682-1.NASL", "UBUNTU_USN-5683-1.NASL", "UBUNTU_USN-5703-1.NASL", "UBUNTU_USN-5706-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-5232", "ELSA-2022-6003", "ELSA-2022-6610", "ELSA-2022-7337", "ELSA-2022-9147", "ELSA-2022-9148", "ELSA-2022-9244", "ELSA-2022-9245", "ELSA-2022-9260", "ELSA-2022-9266", "ELSA-2022-9267", "ELSA-2022-9270", "ELSA-2022-9271", "ELSA-2022-9273", "ELSA-2022-9274", "ELSA-2022-9313", "ELSA-2022-9314", "ELSA-2022-9348", "ELSA-2022-9365", "ELSA-2022-9368", "ELSA-2022-9422", "ELSA-2022-9423", "ELSA-2022-9425", "ELSA-2022-9426", "ELSA-2022-9427", "ELSA-2022-9442", "ELSA-2022-9443", "ELSA-2022-9477", "ELSA-2022-9478", "ELSA-2022-9479", "ELSA-2022-9480", "ELSA-2022-9495", "ELSA-2022-9496", "ELSA-2022-9533", "ELSA-2022-9534", "ELSA-2022-9557", "ELSA-2022-9761", "ELSA-2022-9827", "ELSA-2022-9828", "ELSA-2022-9829", "ELSA-2022-9830", "ELSA-2022-9852", "ELSA-2022-9870", "ELSA-2022-9871", "ELSA-2022-9926", "ELSA-2022-9927", "ELSA-2022-9969"]}, {"type": "osv", "idList": ["OSV:DLA-2689-1", "OSV:DLA-2940-1", "OSV:DLA-2941-1", "OSV:DLA-3065-1", "OSV:DLA-3102-1", "OSV:DLA-3131-1", "OSV:DLA-3173-1", "OSV:DSA-5092-1", "OSV:DSA-5095-1", "OSV:DSA-5096-1", "OSV:DSA-5127-1", "OSV:DSA-5161-1", "OSV:DSA-5173-1", "OSV:DSA-5207-1", "OSV:DSA-5257-1", "OSV:DSA-5257-2"]}, {"type": "photon", "idList": ["PHSA-2021-0210", "PHSA-2021-0332", "PHSA-2022-0168", "PHSA-2022-0183", "PHSA-2022-0189", "PHSA-2022-0201", "PHSA-2022-0226", "PHSA-2022-0238", "PHSA-2022-0248", "PHSA-2022-0376", "PHSA-2022-0393", "PHSA-2022-0395", "PHSA-2022-0399", "PHSA-2022-0433", "PHSA-2022-0446", "PHSA-2022-0506", "PHSA-2022-0513", "PHSA-2022-0517"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE2E40D3BB574E53C7448F3A304849C9"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:207700353EDB2453B1928E90A6683A0E"]}, {"type": "redhat", "idList": ["RHSA-2022:6002", "RHSA-2022:6003", "RHSA-2022:6582", "RHSA-2022:6610", "RHSA-2022:7337", "RHSA-2022:7338", "RHSA-2022:7444", "RHSA-2022:7683", "RHSA-2022:7933", "RHSA-2022:8267"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-36516", "RH:CVE-2020-36558", "RH:CVE-2021-30002", "RH:CVE-2021-3640", "RH:CVE-2022-0168", "RH:CVE-2022-0617", "RH:CVE-2022-0854", "RH:CVE-2022-1016", "RH:CVE-2022-1048", "RH:CVE-2022-1055", "RH:CVE-2022-1184", "RH:CVE-2022-1852", "RH:CVE-2022-1972", "RH:CVE-2022-20368", "RH:CVE-2022-2078", "RH:CVE-2022-21499", "RH:CVE-2022-23960", "RH:CVE-2022-24448", "RH:CVE-2022-2586", "RH:CVE-2022-26373", "RH:CVE-2022-2639", "RH:CVE-2022-27950", "RH:CVE-2022-28390", "RH:CVE-2022-28893", "RH:CVE-2022-2938", "RH:CVE-2022-29581", "RH:CVE-2022-36946"]}, {"type": "slackware", "idList": ["SSA-2022-031-01", "SSA-2022-129-01", "SSA-2022-237-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:0758-1", "OPENSUSE-SU-2021:1271-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1", "OPENSUSE-SU-2021:3179-1", "OPENSUSE-SU-2021:3205-1", "OPENSUSE-SU-2021:3876-1", "OPENSUSE-SU-2022:0768-1", "OPENSUSE-SU-2022:1037-1", "OPENSUSE-SU-2022:1039-1", "OPENSUSE-SU-2022:2177-1", "SUSE-SU-2022:1163-1", "SUSE-SU-2022:1183-1", "SUSE-SU-2022:1256-1", "SUSE-SU-2022:1676-1", "SUSE-SU-2022:1687-1", "SUSE-SU-2022:2078-1", "SUSE-SU-2022:2079-1", "SUSE-SU-2022:2111-1", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2615-1", "SUSE-SU-2022:2722-1", "SUSE-SU-2022:2741-1", "SUSE-SU-2022:2803-1", "SUSE-SU-2022:2827-1", "SUSE-SU-2022:2875-1", "SUSE-SU-2022:2875-2", "SUSE-SU-2022:2892-2", "SUSE-SU-2022:3264-1", "SUSE-SU-2022:3288-1", "SUSE-SU-2022:3293-1", "SUSE-SU-2022:3408-1", "SUSE-SU-2022:3585-1", "SUSE-SU-2022:3609-1", "SUSE-SU-2022:3775-1", "SUSE-SU-2022:3809-1", "SUSE-SU-2022:3844-1"]}, {"type": "thn", "idList": ["THN:D010C92A9BC9913717ECAC2624F32E80"]}, {"type": "ubuntu", "idList": ["LSN-0086-1", "LSN-0089-1", "USN-4945-1", "USN-4945-2", "USN-4946-1", "USN-4947-1", "USN-4984-1", "USN-5265-1", "USN-5267-1", "USN-5267-2", "USN-5267-3", "USN-5268-1", "USN-5302-1", "USN-5317-1", "USN-5318-1", "USN-5358-1", "USN-5358-2", "USN-5362-1", "USN-5368-1", "USN-5377-1", "USN-5381-1", "USN-5383-1", "USN-5384-1", "USN-5385-1", "USN-5390-1", "USN-5390-2", "USN-5413-1", "USN-5415-1", "USN-5416-1", "USN-5442-1", "USN-5442-2", "USN-5443-1", "USN-5443-2", "USN-5444-1", "USN-5465-1", "USN-5466-1", "USN-5467-1", "USN-5468-1", "USN-5469-1", "USN-5470-1", "USN-5471-1", "USN-5484-1", "USN-5529-1", "USN-5544-1", "USN-5557-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5567-1", "USN-5580-1", "USN-5582-1", "USN-5590-1", "USN-5594-1", "USN-5599-1", "USN-5602-1", "USN-5616-1", "USN-5621-1", "USN-5622-1", "USN-5623-1", "USN-5624-1", "USN-5630-1", "USN-5633-1", "USN-5634-1", "USN-5635-1", "USN-5639-1", "USN-5640-1", "USN-5644-1", "USN-5647-1", "USN-5648-1", "USN-5650-1", "USN-5652-1", "USN-5654-1", "USN-5655-1", "USN-5660-1", "USN-5667-1", "USN-5668-1", "USN-5677-1", "USN-5682-1", "USN-5683-1", "USN-5703-1", "USN-5706-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-36516", "UB:CVE-2020-36558", "UB:CVE-2021-30002", "UB:CVE-2021-3640", "UB:CVE-2022-0168", "UB:CVE-2022-0617", "UB:CVE-2022-0854", "UB:CVE-2022-1016", "UB:CVE-2022-1048", "UB:CVE-2022-1055", "UB:CVE-2022-1184", "UB:CVE-2022-1852", "UB:CVE-2022-20158", "UB:CVE-2022-20368", "UB:CVE-2022-2078", "UB:CVE-2022-21499", "UB:CVE-2022-23960", "UB:CVE-2022-24448", "UB:CVE-2022-2586", "UB:CVE-2022-26373", "UB:CVE-2022-2639", "UB:CVE-2022-27950", "UB:CVE-2022-28390", "UB:CVE-2022-28893", "UB:CVE-2022-2938", "UB:CVE-2022-29581", "UB:CVE-2022-36946"]}, {"type": "veracode", "idList": ["VERACODE:30650", "VERACODE:35128", "VERACODE:35280", "VERACODE:35281", "VERACODE:35289", "VERACODE:35533", "VERACODE:36020", "VERACODE:37092", "VERACODE:37094", "VERACODE:37270", "VERACODE:37422"]}, {"type": "vmware", "idList": ["VMSA-2022-0020", "VMSA-2022-0020.1", "VMSA-2022-0020.2"]}, {"type": "xen", "idList": ["XSA-398"]}, {"type": "zdi", "idList": ["ZDI-22-1118"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "vulnersScore": -0.3}, "_state": {"dependencies": 1668525975, "score": 1668526043}, "_internal": {"score_hash": "d311f867d34a2f4d2eb27063068530f0"}, "affectedPackage": [{"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-4.18.0-425.3.1.el8.src.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "bpftool-4.18.0-425.3.1.el8.aarch64.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-cross-headers-4.18.0-425.3.1.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-cross-headers"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-headers-4.18.0-425.3.1.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-tools-4.18.0-425.3.1.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-tools-libs-4.18.0-425.3.1.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-tools-libs-devel-4.18.0-425.3.1.el8.aarch64.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "perf-4.18.0-425.3.1.el8.aarch64.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "python3-perf-4.18.0-425.3.1.el8.aarch64.rpm", "operator": "lt", "packageName": "python3-perf"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-4.18.0-425.3.1.el8.src.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "bpftool-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-abi-stablelists-4.18.0-425.3.1.el8.noarch.rpm", "operator": "lt", "packageName": "kernel-abi-stablelists"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-core-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-cross-headers-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-cross-headers"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-debug-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-debug-core-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-debug-devel-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-debug-modules-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-modules"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-debug-modules-extra-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-modules-extra"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-devel-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-doc-4.18.0-425.3.1.el8.noarch.rpm", "operator": "lt", "packageName": "kernel-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-headers-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-modules-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-modules"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-modules-extra-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-modules-extra"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-tools-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-tools-libs-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "kernel-tools-libs-devel-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "perf-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-425.3.1.el8", "packageFilename": "python3-perf-4.18.0-425.3.1.el8.x86_64.rpm", "operator": "lt", "packageName": "python3-perf"}]}
{"redhat": [{"lastseen": "2022-11-08T08:46:31", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n* Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* Use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T06:19:55", "type": "redhat", "title": "(RHSA-2022:7444) Moderate: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-08T07:41:05", "id": "RHSA-2022:7444", "href": "https://access.redhat.com/errata/RHSA-2022:7444", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-08T08:46:30", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* Spectre-BHB (CVE-2022-23960)\n\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:19", "type": "redhat", "title": "(RHSA-2022:7683) Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-08T07:47:35", "id": "RHSA-2022:7683", "href": "https://access.redhat.com/errata/RHSA-2022:7683", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-15T10:06:25", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n* kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n* use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T06:19:55", "type": "redhat", "title": "(RHSA-2022:8267) Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-11-15T08:02:41", "id": "RHSA-2022:8267", "href": "https://access.redhat.com/errata/RHSA-2022:8267", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-15T08:06:23", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n* kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n* use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T06:11:40", "type": "redhat", "title": "(RHSA-2022:7933) Moderate: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-11-15T07:20:59", "id": "RHSA-2022:7933", "href": "https://access.redhat.com/errata/RHSA-2022:7933", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-14T23:19:21", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nBugs addressed:\n\n* clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679)\n\n* RHACM 2.6.3 images (BZ# 2139085)\n\nSecurity fixes:\n\n* CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function \n Security\n\n* CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-14T19:39:55", "type": "redhat", "title": "(RHSA-2022:9040) Important: Red Hat Advanced Cluster Management 2.6.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-3517", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-41912", "CVE-2022-42898"], "modified": "2022-12-14T19:40:16", "id": "RHSA-2022:9040", "href": "https://access.redhat.com/errata/RHSA-2022:9040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-08T18:08:09", "description": "Openshift Logging Bug Fix Release (5.3.14)\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T16:23:35", "type": "redhat", "title": "(RHSA-2022:8889) Moderate: Openshift Logging 5.3.14 bug fix release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36516", "CVE-2020-36518", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1852", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-20368", "CVE-2022-2068", "CVE-2022-2078", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2509", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-39399", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42898"], "modified": "2022-12-08T16:23:58", "id": "RHSA-2022:8889", "href": "https://access.redhat.com/errata/RHSA-2022:8889", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-08T08:08:09", "description": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T07:35:26", "type": "redhat", "title": "(RHSA-2022:8781) Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36516", "CVE-2020-36518", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1852", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-20368", "CVE-2022-2068", "CVE-2022-2078", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2509", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27664", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-32189", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-37603", "CVE-2022-39399", "CVE-2022-41715", "CVE-2022-42003", "CVE-2022-42004"], "modified": "2022-12-08T07:35:50", "id": "RHSA-2022:8781", "href": "https://access.redhat.com/errata/RHSA-2022:8781", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-10T19:35:37", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7444 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2022:7444)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2022-7444.NASL", "href": "https://www.tenable.com/plugins/nessus/167095", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7444. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167095);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7444\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2022:7444)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7444 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer\n dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c\n (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2096178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2112693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2120175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\nvar repos_found = !(isnull(repo_sets) || isnull(max_index(keys(repo_sets))));\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7444');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_list': ['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary'],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_list = NULL;\n if (!empty_or_null(constraint_array['repo_list'])) repo_list = constraint_array['repo_list'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) &&\n (repos_found || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:41:32", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7444 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel-rt (ALSA-2022:7444)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel-rt", "p-cpe:/a:alma:linux:kernel-rt-core", "p-cpe:/a:alma:linux:kernel-rt-debug", "p-cpe:/a:alma:linux:kernel-rt-debug-core", "p-cpe:/a:alma:linux:kernel-rt-debug-devel", "p-cpe:/a:alma:linux:kernel-rt-debug-kvm", "p-cpe:/a:alma:linux:kernel-rt-debug-modules", "p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-rt-devel", "p-cpe:/a:alma:linux:kernel-rt-kvm", "p-cpe:/a:alma:linux:kernel-rt-modules", "p-cpe:/a:alma:linux:kernel-rt-modules-extra", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::nfv", "cpe:/o:alma:linux:8::realtime"], "id": "ALMA_LINUX_ALSA-2022-7444.NASL", "href": "https://www.tenable.com/plugins/nessus/167311", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7444.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167311);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7444\");\n\n script_name(english:\"AlmaLinux 8 : kernel-rt (ALSA-2022:7444)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7444 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7444.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::realtime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7444');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:35:38", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7683 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167155", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7683. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167155);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7683\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7683 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer\n dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c\n (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2062284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2096178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2112693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2120175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\nvar repos_found = !(isnull(repo_sets) || isnull(max_index(keys(repo_sets))));\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-23960', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7683');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_list': ['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary'],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_list = NULL;\n if (!empty_or_null(constraint_array['repo_list'])) repo_list = constraint_array['repo_list'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) &&\n (repos_found || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:39:54", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7683 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-14T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2022:7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump", "p-cpe:/a:alma:linux:kernel-zfcpdump-core", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::baseos", "cpe:/o:alma:linux:8::powertools"], "id": "ALMA_LINUX_ALSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167447", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7683.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167447);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7683\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2022:7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7683 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7683.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::powertools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-23960', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7683');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:38:20", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7683 advisory.\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167577", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7683.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167577);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7683 advisory.\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7683.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-425.3.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-7683');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:38:33", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7933 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : kernel-rt (ALSA-2022:7933)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel-rt", "p-cpe:/a:alma:linux:kernel-rt-core", "p-cpe:/a:alma:linux:kernel-rt-debug", "p-cpe:/a:alma:linux:kernel-rt-debug-core", "p-cpe:/a:alma:linux:kernel-rt-debug-devel", "p-cpe:/a:alma:linux:kernel-rt-debug-kvm", "p-cpe:/a:alma:linux:kernel-rt-debug-modules", "p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-rt-devel", "p-cpe:/a:alma:linux:kernel-rt-kvm", "p-cpe:/a:alma:linux:kernel-rt-modules", "p-cpe:/a:alma:linux:kernel-rt-modules-extra", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::nfv", "cpe:/o:alma:linux:9::realtime"], "id": "ALMA_LINUX_ALSA-2022-7933.NASL", "href": "https://www.tenable.com/plugins/nessus/167989", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7933.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167989);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7933\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"AlmaLinux 9 : kernel-rt (ALSA-2022:7933)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7933 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers\n copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to\n crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of\n service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-7933.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 212, 267, 290, 362, 392, 401, 415, 416, 459, 476, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::realtime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2021-3640', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1184', 'CVE-2022-1280', 'CVE-2022-1353', 'CVE-2022-1679', 'CVE-2022-1852', 'CVE-2022-1998', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-20368', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-21499', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-36946', 'CVE-2022-39190');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7933');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-rt-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:39:54", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8267 advisory.\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : kernel (ELSA-2022-8267)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-devel-matched", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-devel-matched", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-8267.NASL", "href": "https://www.tenable.com/plugins/nessus/168085", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-8267.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168085);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 9 : kernel (ELSA-2022-8267)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-8267 advisory.\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of\n service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers\n copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to\n crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-8267.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.14.0-162.6.1.el9_1'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-8267');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.14.0'},\n {'reference':'kernel-abi-stablelists-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-5.14.0'},\n {'reference':'kernel-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-5.14.0'},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-5.14.0'},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-5.14.0'},\n {'reference':'kernel-debug-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-5.14.0'},\n {'reference':'kernel-debug-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-5.14.0'},\n {'reference':'kernel-debug-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-5.14.0'},\n {'reference':'kernel-debug-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-matched-5.14.0'},\n {'reference':'kernel-debug-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-5.14.0'},\n {'reference':'kernel-debug-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-5.14.0'},\n {'reference':'kernel-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-5.14.0'},\n {'reference':'kernel-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-matched-5.14.0'},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-5.14.0'},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-5.14.0'},\n {'reference':'kernel-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-5.14.0'},\n {'reference':'kernel-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-5.14.0'},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-5.14.0'},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-5.14.0'},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-5.14.0'},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-5.14.0'},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-5.14.0'},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-5.14.0'},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:38:21", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8267 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "RHEL 9 : kernel (RHSA-2022:8267)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-8267.NASL", "href": "https://www.tenable.com/plugins/nessus/167620", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8267. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167620);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"RHSA\", value:\"2022:8267\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 9 : kernel (RHSA-2022:8267)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:8267 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-39190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2052312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2071022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 212, 267, 290, 362, 392, 401, 415, 416, 459, 476, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_9_appstream': [\n 'rhel-9-for-aarch64-appstream-debug-rpms',\n 'rhel-9-for-aarch64-appstream-rpms',\n 'rhel-9-for-aarch64-appstream-source-rpms',\n 'rhel-9-for-s390x-appstream-debug-rpms',\n 'rhel-9-for-s390x-appstream-rpms',\n 'rhel-9-for-s390x-appstream-source-rpms',\n 'rhel-9-for-x86_64-appstream-debug-rpms',\n 'rhel-9-for-x86_64-appstream-rpms',\n 'rhel-9-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_9_baseos': [\n 'rhel-9-for-aarch64-baseos-debug-rpms',\n 'rhel-9-for-aarch64-baseos-rpms',\n 'rhel-9-for-aarch64-baseos-source-rpms',\n 'rhel-9-for-s390x-baseos-debug-rpms',\n 'rhel-9-for-s390x-baseos-rpms',\n 'rhel-9-for-s390x-baseos-source-rpms',\n 'rhel-9-for-x86_64-baseos-debug-rpms',\n 'rhel-9-for-x86_64-baseos-rpms',\n 'rhel-9-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_9_crb': [\n 'codeready-builder-for-rhel-9-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-9-aarch64-rpms',\n 'codeready-builder-for-rhel-9-aarch64-source-rpms',\n 'codeready-builder-for-rhel-9-s390x-debug-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-9-s390x-rpms',\n 'codeready-builder-for-rhel-9-s390x-source-rpms',\n 'codeready-builder-for-rhel-9-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-9-x86_64-rpms',\n 'codeready-builder-for-rhel-9-x86_64-source-rpms'\n ],\n 'enterprise_linux_9_highavailability': [\n 'rhel-9-for-aarch64-highavailability-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-source-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-9-for-aarch64-highavailability-rpms',\n 'rhel-9-for-aarch64-highavailability-source-rpms',\n 'rhel-9-for-s390x-highavailability-debug-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-debug-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-source-rpms',\n 'rhel-9-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-9-for-s390x-highavailability-eus-rpms',\n 'rhel-9-for-s390x-highavailability-eus-source-rpms',\n 'rhel-9-for-s390x-highavailability-rpms',\n 'rhel-9-for-s390x-highavailability-source-rpms',\n 'rhel-9-for-x86_64-highavailability-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-9-for-x86_64-highavailability-rpms',\n 'rhel-9-for-x86_64-highavailability-source-rpms'\n ],\n 'enterprise_linux_9_nfv': [\n 'rhel-9-for-x86_64-nfv-debug-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-debug-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-source-rpms',\n 'rhel-9-for-x86_64-nfv-rpms',\n 'rhel-9-for-x86_64-nfv-source-rpms'\n ],\n 'enterprise_linux_9_realtime': [\n 'rhel-9-for-x86_64-rt-debug-rpms',\n 'rhel-9-for-x86_64-rt-e4s-debug-rpms',\n 'rhel-9-for-x86_64-rt-e4s-rpms',\n 'rhel-9-for-x86_64-rt-e4s-source-rpms',\n 'rhel-9-for-x86_64-rt-rpms',\n 'rhel-9-for-x86_64-rt-source-rpms'\n ],\n 'enterprise_linux_9_resilientstorage': [\n 'rhel-9-for-s390x-resilientstorage-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-rpms',\n 'rhel-9-for-s390x-resilientstorage-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-rpms',\n 'rhel-9-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_9_sap': [\n 'rhel-9-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-rpms',\n 'rhel-9-for-s390x-sap-netweaver-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_9_sap_hana': [\n 'rhel-9-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-rpms',\n 'rhel-9-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_9_supplementary': [\n 'rhel-9-for-aarch64-supplementary-eus-rpms',\n 'rhel-9-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-9-for-aarch64-supplementary-rpms',\n 'rhel-9-for-aarch64-supplementary-source-rpms',\n 'rhel-9-for-s390x-supplementary-eus-rpms',\n 'rhel-9-for-s390x-supplementary-eus-source-rpms',\n 'rhel-9-for-s390x-supplementary-rpms',\n 'rhel-9-for-s390x-supplementary-source-rpms',\n 'rhel-9-for-x86_64-supplementary-eus-rpms',\n 'rhel-9-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-9-for-x86_64-supplementary-rpms',\n 'rhel-9-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\nvar repos_found = !(isnull(repo_sets) || isnull(max_index(keys(repo_sets))));\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2021-3640', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1184', 'CVE-2022-1280', 'CVE-2022-1353', 'CVE-2022-1679', 'CVE-2022-1852', 'CVE-2022-1998', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-20368', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-21499', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-36946', 'CVE-2022-39190');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:8267');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_list': ['enterprise_linux_9_appstream', 'enterprise_linux_9_baseos', 'enterprise_linux_9_crb', 'enterprise_linux_9_highavailability', 'enterprise_linux_9_nfv', 'enterprise_linux_9_realtime', 'enterprise_linux_9_resilientstorage', 'enterprise_linux_9_sap', 'enterprise_linux_9_sap_hana', 'enterprise_linux_9_supplementary'],\n 'pkgs': [\n {'reference':'bpftool-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-matched-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-matched-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_list = NULL;\n if (!empty_or_null(constraint_array['repo_list'])) repo_list = constraint_array['repo_list'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) &&\n (repos_found || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:40:39", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7933 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "nessus", "title": "RHEL 9 : kernel-rt (RHSA-2022:7933)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-modules-extra:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2022-7933.NASL", "href": "https://www.tenable.com/plugins/nessus/167544", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7933. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167544);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7933\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 9 : kernel-rt (RHSA-2022:7933)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7933 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-39190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2052312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2071022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 212, 267, 290, 362, 392, 401, 415, 416, 459, 476, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_9_appstream': [\n 'rhel-9-for-aarch64-appstream-debug-rpms',\n 'rhel-9-for-aarch64-appstream-rpms',\n 'rhel-9-for-aarch64-appstream-source-rpms',\n 'rhel-9-for-s390x-appstream-debug-rpms',\n 'rhel-9-for-s390x-appstream-rpms',\n 'rhel-9-for-s390x-appstream-source-rpms',\n 'rhel-9-for-x86_64-appstream-debug-rpms',\n 'rhel-9-for-x86_64-appstream-rpms',\n 'rhel-9-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_9_baseos': [\n 'rhel-9-for-aarch64-baseos-debug-rpms',\n 'rhel-9-for-aarch64-baseos-rpms',\n 'rhel-9-for-aarch64-baseos-source-rpms',\n 'rhel-9-for-s390x-baseos-debug-rpms',\n 'rhel-9-for-s390x-baseos-rpms',\n 'rhel-9-for-s390x-baseos-source-rpms',\n 'rhel-9-for-x86_64-baseos-debug-rpms',\n 'rhel-9-for-x86_64-baseos-rpms',\n 'rhel-9-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_9_crb': [\n 'codeready-builder-for-rhel-9-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-9-aarch64-rpms',\n 'codeready-builder-for-rhel-9-aarch64-source-rpms',\n 'codeready-builder-for-rhel-9-s390x-debug-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-9-s390x-rpms',\n 'codeready-builder-for-rhel-9-s390x-source-rpms',\n 'codeready-builder-for-rhel-9-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-9-x86_64-rpms',\n 'codeready-builder-for-rhel-9-x86_64-source-rpms'\n ],\n 'enterprise_linux_9_highavailability': [\n 'rhel-9-for-aarch64-highavailability-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-source-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-9-for-aarch64-highavailability-rpms',\n 'rhel-9-for-aarch64-highavailability-source-rpms',\n 'rhel-9-for-s390x-highavailability-debug-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-debug-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-source-rpms',\n 'rhel-9-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-9-for-s390x-highavailability-eus-rpms',\n 'rhel-9-for-s390x-highavailability-eus-source-rpms',\n 'rhel-9-for-s390x-highavailability-rpms',\n 'rhel-9-for-s390x-highavailability-source-rpms',\n 'rhel-9-for-x86_64-highavailability-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-9-for-x86_64-highavailability-rpms',\n 'rhel-9-for-x86_64-highavailability-source-rpms'\n ],\n 'enterprise_linux_9_nfv': [\n 'rhel-9-for-x86_64-nfv-debug-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-debug-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-source-rpms',\n 'rhel-9-for-x86_64-nfv-rpms',\n 'rhel-9-for-x86_64-nfv-source-rpms'\n ],\n 'enterprise_linux_9_realtime': [\n 'rhel-9-for-x86_64-rt-debug-rpms',\n 'rhel-9-for-x86_64-rt-e4s-debug-rpms',\n 'rhel-9-for-x86_64-rt-e4s-rpms',\n 'rhel-9-for-x86_64-rt-e4s-source-rpms',\n 'rhel-9-for-x86_64-rt-rpms',\n 'rhel-9-for-x86_64-rt-source-rpms'\n ],\n 'enterprise_linux_9_resilientstorage': [\n 'rhel-9-for-s390x-resilientstorage-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-rpms',\n 'rhel-9-for-s390x-resilientstorage-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-rpms',\n 'rhel-9-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_9_sap': [\n 'rhel-9-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-rpms',\n 'rhel-9-for-s390x-sap-netweaver-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_9_sap_hana': [\n 'rhel-9-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-rpms',\n 'rhel-9-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_9_supplementary': [\n 'rhel-9-for-aarch64-supplementary-eus-rpms',\n 'rhel-9-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-9-for-aarch64-supplementary-rpms',\n 'rhel-9-for-aarch64-supplementary-source-rpms',\n 'rhel-9-for-s390x-supplementary-eus-rpms',\n 'rhel-9-for-s390x-supplementary-eus-source-rpms',\n 'rhel-9-for-s390x-supplementary-rpms',\n 'rhel-9-for-s390x-supplementary-source-rpms',\n 'rhel-9-for-x86_64-supplementary-eus-rpms',\n 'rhel-9-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-9-for-x86_64-supplementary-rpms',\n 'rhel-9-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\nvar repos_found = !(isnull(repo_sets) || isnull(max_index(keys(repo_sets))));\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2021-3640', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1184', 'CVE-2022-1280', 'CVE-2022-1353', 'CVE-2022-1679', 'CVE-2022-1852', 'CVE-2022-1998', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-20368', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-21499', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-36946', 'CVE-2022-39190');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7933');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_list': ['enterprise_linux_9_appstream', 'enterprise_linux_9_baseos', 'enterprise_linux_9_crb', 'enterprise_linux_9_highavailability', 'enterprise_linux_9_nfv', 'enterprise_linux_9_realtime', 'enterprise_linux_9_resilientstorage', 'enterprise_linux_9_sap', 'enterprise_linux_9_sap_hana', 'enterprise_linux_9_supplementary'],\n 'pkgs': [\n {'reference':'kernel-rt-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_list = NULL;\n if (!empty_or_null(constraint_array['repo_list'])) repo_list = constraint_array['repo_list'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) &&\n (repos_found || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:41:32", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8267 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-18T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : kernel (ALSA-2022:8267)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-devel-matched", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-devel-matched", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump", "p-cpe:/a:alma:linux:kernel-zfcpdump-core", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel-matched", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::baseos", "cpe:/o:alma:linux:9::crb"], "id": "ALMA_LINUX_ALSA-2022-8267.NASL", "href": "https://www.tenable.com/plugins/nessus/167835", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:8267.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167835);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"ALSA\", value:\"2022:8267\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"AlmaLinux 9 : kernel (ALSA-2022:8267)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:8267 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers\n copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to\n crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of\n service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-8267.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 212, 267, 290, 362, 392, 401, 415, 416, 459, 476, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::crb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2021-3640', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1184', 'CVE-2022-1280', 'CVE-2022-1353', 'CVE-2022-1679', 'CVE-2022-1852', 'CVE-2022-1998', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-20368', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-21499', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-36946', 'CVE-2022-39190');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:8267');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:29:28", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2910-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2910-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2910-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164466", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2910-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164466);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1462\",\n \"CVE-2022-2639\",\n \"CVE-2022-20166\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2910-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2910-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2910-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1103269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202312\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011997.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad8b73e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'dlm-kmp-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'gfs2-kmp-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-devel-rt-4.12.14-10.97.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-base-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-devel-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt_debug-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt_debug-devel-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-source-rt-4.12.14-10.97.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-syms-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'ocfs2-kmp-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T06:38:13", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3061-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:3061-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2022-36946"], "modified": "2022-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_83-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3061-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164914", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3061-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164914);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/10\");\n\n script_cve_id(\"CVE-2020-36516\", \"CVE-2022-36946\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3061-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:3061-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3061-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201941\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012117.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9cd94395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-59_34-default, kgraft-patch-4_12_14-122_127-default and / or kgraft-\npatch-4_12_14-95_83-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36516\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE ' + os_ver);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.127-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_127-default-2-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-95.83-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_83-default-13-2.3', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '5.3.18-59.34-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_34-default-15-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-59_34-default / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-01-17T03:04:29", "description": "The version of kernel installed on the remote host is prior to 5.10.118-111.515. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-014 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A use-after-free flaw was found in the Linux kernel's io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2022-1786)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-014)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-0854", "CVE-2022-1729", "CVE-2022-1786", "CVE-2022-28893", "CVE-2022-29581"], "modified": "2022-06-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.10.118-111.515", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_10-2022-014.NASL", "href": "https://www.tenable.com/plugins/nessus/162002", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2022-014.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162002);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-0854\",\n \"CVE-2022-1729\",\n \"CVE-2022-1786\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-014)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.118-111.515. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-014 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A use-after-free flaw was found in the Linux kernel's io_uring subsystem in the way a user sets up a ring\n with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a\n local user to crash or escalate their privileges on the system. (CVE-2022-1786)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-014.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0494.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0854.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1729.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1786.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28893.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29581.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.118-111.515\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-0494\", \"CVE-2022-0854\", \"CVE-2022-1729\", \"CVE-2022-1786\", \"CVE-2022-28893\", \"CVE-2022-29581\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.10-2022-014\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-aarch64-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-x86_64-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.118-111.515.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.118-111.515-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.118-111.515-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.118-111.515.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.118-111.515.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T16:36:04", "description": "The version of kernel installed on the remote host is prior to 5.4.196-108.356. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-026 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-026)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-0854", "CVE-2022-1729", "CVE-2022-1836", "CVE-2022-28893", "CVE-2022-29581"], "modified": "2022-06-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-026.NASL", "href": "https://www.tenable.com/plugins/nessus/162005", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-026.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162005);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-0854\",\n \"CVE-2022-1729\",\n \"CVE-2022-1836\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.196-108.356. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-026 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-026.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0494.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0854.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1729.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1836.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28893.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29581.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-0494\", \"CVE-2022-0854\", \"CVE-2022-1729\", \"CVE-2022-1836\", \"CVE-2022-28893\", \"CVE-2022-29581\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-026\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.196-108.356.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.196-108.356.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.196-108.356.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T00:01:43", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3274-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3274-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-4203", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_108-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3274-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165189", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3274-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165189);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20166\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3274-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3274-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3274-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012234.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c588e473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4203\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_108-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.4', 'sle-ha-release-12.4', 'sles-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.4', 'sle-ha-release-12.4', 'sles-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.4', 'sle-ha-release-12.4', 'sles-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.4', 'sle-ha-release-12.4', 'sles-release-12.4']},\n {'reference':'kernel-default-kgraft-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kgraft-patch-4_12_14-95_108-default-1-6.3.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-man-4.12.14-95.108.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-01-10T19:28:14", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3123-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2022:3123-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-39698", "CVE-2022-36946"], "modified": "2022-09-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_18-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3123-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164886", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3123-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164886);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/08\");\n\n script_cve_id(\"CVE-2020-36516\", \"CVE-2021-39698\", \"CVE-2022-36946\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3123-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2022:3123-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3123-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201941\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012119.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b7ba4c0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_14_21-150400_24_18-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39698\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_18-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_14_21-150400_24_18-default-2-150400.2.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-live-patching-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_24_18-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T09:02:29", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3108-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:3108-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2022-2585", "CVE-2022-36946"], "modified": "2022-09-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3108-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164882", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3108-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164882);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/08\");\n\n script_cve_id(\"CVE-2020-36516\", \"CVE-2022-2585\", \"CVE-2022-36946\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3108-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:3108-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3108-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202163\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012107.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?070f9828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_14_21-150400_22-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36516\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_14_21-150400_22-default-5-150400.4.12.3', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-live-patching-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_22-default');\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-01-26T00:02:48", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3265-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:3265-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-4203", "CVE-2022-1462", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_133-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3265-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165196", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3265-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165196);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-29581\",\n \"CVE-2022-36879\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3265-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:3265-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3265-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1054914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1078216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1093777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1094120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1107937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203126\");\n # https://lists.suse.com/pipermail/sle-updates/2022-September/025152.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c402de3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_133-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.133.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sled-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.133.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sled-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.133.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-kgraft-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kgraft-patch-4_12_14-122_133-default-1-8.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T00:33:26", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3282-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3282-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-4203", "CVE-2022-1462", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3282-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165228", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3282-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165228);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-29581\",\n \"CVE-2022-36879\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3282-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3282-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3282-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1054914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203126\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012250.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e679c09\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-azure-4.12.14-16.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.109.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.109.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T20:49:29", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5384-1 advisory.\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-21T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5384-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0617", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-cloud-tools-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-headers-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-tools-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-headers-5.4.0-1020", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-5.4.0-1020", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1020", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1020", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1076-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1076-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1062", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1062", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1070", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1070", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1070", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1070", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge"], "id": "UBUNTU_USN-5384-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160025", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5384-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160025);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-0617\", \"CVE-2022-24448\", \"CVE-2022-24959\");\n script_xref(name:\"USN\", value:\"5384-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5384-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5384-1 advisory.\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5384-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-cloud-tools-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-headers-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-tools-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-headers-5.4.0-1020\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-5.4.0-1020\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1020\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1020\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1076-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1076-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1070\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1070\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1070\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1070\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0617', 'CVE-2022-24448', 'CVE-2022-24959');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5384-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'linux-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-cloud-tools-5.4.0-1077', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-headers-5.4.0-1077', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-tools-5.4.0-1077', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-headers-5.4.0-1072', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-headers-5.4.0-1068', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-tools-5.4.0-1068', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-cloud-tools-5.4.0-1039', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-headers-5.4.0-1039', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-source-5.4.0', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-tools-5.4.0-1039', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-headers-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-headers-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-headers-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-headers-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-5.4.0-109', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-common', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-headers-5.4.0-109', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-source-5.4.0', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-5.4.0-109', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-common', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-cloud-tools-common', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-headers-5.4.0-1020', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-source-5.4.0', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-tools-5.4.0-1020', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-tools-common', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-image-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-image-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-headers-5.4.0-1070', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-tools-5.4.0-1070', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-5.4-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-5.4-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-tools-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-tools-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-tools-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-tools-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '20.04', 'pkgname': 'linux-aws-cloud-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-aws-headers-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-aws-lts-20.04', 'pkgver': '5.4.0.1072.74'},\n {'osver': '20.04', 'pkgname': 'linux-aws-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-azure-cloud-tools-5.4.0-1077', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-azure-fde', 'pkgver': '5.4.0.1076.79+cvm1.21'},\n {'osver': '20.04', 'pkgname': 'linux-azure-headers-5.4.0-1077', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-azure-lts-20.04', 'pkgver': '5.4.0.1077.75'},\n {'osver': '20.04', 'pkgname': 'linux-azure-tools-5.4.0-1077', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1062-kvm', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-109', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-fde', 'pkgver': '5.4.0.1076.79+cvm1.21'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-lts-20.04', 'pkgver': '5.4.0.1077.75'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-crashdump', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-headers-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-lts-20.04', 'pkgver': '5.4.0.1072.80'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-generic', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-gke', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-gke-headers-5.4.0-1068', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-gke-tools-5.4.0-1068', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-cloud-tools-5.4.0-1039', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-headers-5.4.0-1039', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-source-5.4.0', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-tools-5.4.0-1039', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1062-kvm', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-109', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {
kernel security, bug fix, and enhancement update
