DATABASE RESOURCES PRICING ABOUT US

{"id": "ELSA-2022-9274", "vendorId": null, "type": "oraclelinux", "bulletinFamily": "unix", "title": "Unbreakable Enterprise kernel-container security update", "description": "[5.4.17-2136.306.1.3]\n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo\n Bonzini) [Orabug: 34053807] {CVE-2022-1158}\n[5.4.17-2136.306.1.2]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair)\n [Orabug: 34045203]\n[5.4.17-2136.306.1.1]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34035701] {CVE-2022-1016}\n- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34035682]\n[5.4.17-2136.306.1]\n- sr9700: sanity check for packet length (Brian Maly) [Orabug: 33962705] {CVE-2022-26966}\n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) [Orabug: 33835787] {CVE-2021-22600}\n- KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (Krish Sadhukhan) [Orabug: 33921125]\n- x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (Krish Sadhukhan) [Orabug: 33921125]\n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940519]\n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958154] {CVE-2022-24448}\n- Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33958240]\n- Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33958240]\n- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076]\n- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420]\n- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420]\n- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420]\n- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420]\n- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420]\n- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261]\n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776]\n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}\n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016]\n- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851]\n- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748]\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799]\n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430]\n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471]\n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] {CVE-2022-23960}\n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127]\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736]\n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820760]", "published": "2022-04-11T00:00:00", "modified": "2022-04-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "http://linux.oracle.com/errata/ELSA-2022-9274.html", "reporter": "OracleLinux", "references": [], "cvelist": ["CVE-2020-36516", "CVE-2021-22600", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0617", "CVE-2022-1016", "CVE-2022-1158", "CVE-2022-22942", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-26966"], "immutableFields": [], "lastseen": "2022-04-11T23:30:40", "viewCount": 18, "enchantments": {"score": {"value": 0.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0825", "ALSA-2022:1988"]}, {"type": "amazon", "idList": ["ALAS-2022-1571", "ALAS-2022-1577", "ALAS2-2022-1761", "ALAS2-2022-1768"]}, {"type": "amd", "idList": ["AMD-SB-1026", "AMD-SB-1036"]}, {"type": "androidsecurity", "idList": ["ANDROID:2022-05-01"]}, {"type": "attackerkb", "idList": ["AKB:373F5109-8A3F-4E40-8B13-25C90814132D"]}, {"type": "centos", "idList": ["CESA-2022:0620"]}, {"type": "citrix", "idList": ["CTX341586"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:9170AF39C296B9726CD7B93B3A36EC22", "CFOUNDRY:C1D2F4D8A3F0384C89F6C8D93A4DCF97", "CFOUNDRY:FD7245C3742F24986DE3C2791BDAC899"]}, {"type": "cve", "idList": ["CVE-2020-36516", "CVE-2021-22600", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0617", "CVE-2022-1158", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-26966"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2940-1:FB71D", "DEBIAN:DLA-2941-1:96084", "DEBIAN:DLA-3065-1:C1710", "DEBIAN:DSA-5092-1:463D4", "DEBIAN:DSA-5095-1:31FF6", "DEBIAN:DSA-5096-1:B47F5", "DEBIAN:DSA-5127-1:B6959", "DEBIAN:DSA-5173-1:5A28E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-36516", "DEBIANCVE:CVE-2021-22600", "DEBIANCVE:CVE-2021-26401", "DEBIANCVE:CVE-2022-0617", "DEBIANCVE:CVE-2022-1016", "DEBIANCVE:CVE-2022-1158", "DEBIANCVE:CVE-2022-22942", "DEBIANCVE:CVE-2022-23960", "DEBIANCVE:CVE-2022-24448", "DEBIANCVE:CVE-2022-26966"]}, {"type": "f5", "idList": ["F5:K30914425"]}, {"type": "githubexploit", "idList": ["AC8391C6-9C7C-562A-A523-E925BC4005C3"]}, {"type": "ibm", "idList": ["72AD5D71FF571D991FCA51BDAC7D0D303109A868FA89340C6F8CD492F9F038E3", "8629A4ADAFCB95D5120D30DB27A7FEE450956908C79505EDF721F7E19CC8A212", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B315A585CDBD4D516E60AAEBBA49CDD9274D016108F5F855F13CF2FE3AA0F562", "ED670677BEE7F824FAA4922AD08CFBF43478203FCCB636E589E6854737336228"]}, {"type": "mageia", "idList": ["MGASA-2022-0041", "MGASA-2022-0042", "MGASA-2022-0062", "MGASA-2022-0063", "MGASA-2022-0100", "MGASA-2022-0101", "MGASA-2022-0121", "MGASA-2022-0122", "MGASA-2022-0154", "MGASA-2022-0155"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1761.NASL", "AL2_ALAS-2022-1768.NASL", "AL2_ALASKERNEL-5_10-2022-011.NASL", "AL2_ALASKERNEL-5_10-2022-012.NASL", "AL2_ALASKERNEL-5_15-2022-001.NASL", "AL2_ALASKERNEL-5_4-2022-023.NASL", "AL2_ALASKERNEL-5_4-2022-024.NASL", "ALA_ALAS-2022-1571.NASL", "ALA_ALAS-2022-1577.NASL", "ALMA_LINUX_ALSA-2022-1988.NASL", "CENTOS8_RHSA-2022-0825.NASL", "CENTOS_RHSA-2022-0620.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DSA-5092.NASL", "DEBIAN_DSA-5095.NASL", "DEBIAN_DSA-5096.NASL", "DEBIAN_DSA-5127.NASL", "DEBIAN_DSA-5173.NASL", "EULEROS_SA-2022-1366.NASL", "EULEROS_SA-2022-1429.NASL", "EULEROS_SA-2022-1450.NASL", "EULEROS_SA-2022-1537.NASL", "EULEROS_SA-2022-1607.NASL", "EULEROS_SA-2022-1630.NASL", "EULEROS_SA-2022-1647.NASL", "EULEROS_SA-2022-1661.NASL", "EULEROS_SA-2022-1681.NASL", "EULEROS_SA-2022-1735.NASL", "EULEROS_SA-2022-1779.NASL", "EULEROS_SA-2022-1781.NASL", "EULEROS_SA-2022-1791.NASL", "EULEROS_SA-2022-1808.NASL", "EULEROS_SA-2022-1817.NASL", "EULEROS_SA-2022-1829.NASL", "EULEROS_SA-2022-1844.NASL", "EULEROS_SA-2022-1868.NASL", "EULEROS_SA-2022-1896.NASL", "EULEROS_SA-2022-1934.NASL", "EULEROS_SA-2022-1969.NASL", "EULEROS_SA-2022-2026.NASL", "EULEROS_SA-2022-2054.NASL", "EULEROS_SA-2022-2075.NASL", "EULEROS_SA-2022-2081.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2181.NASL", "EULEROS_SA-2022-2200.NASL", "OPENSUSE-2022-0363-1.NASL", "OPENSUSE-2022-0370-1.NASL", "OPENSUSE-2022-0768-1.NASL", "OPENSUSE-2022-0940-1.NASL", "OPENSUSE-2022-1037-1.NASL", "OPENSUSE-2022-1039-1.NASL", "ORACLELINUX_ELSA-2022-0620.NASL", "ORACLELINUX_ELSA-2022-0825.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "ORACLELINUX_ELSA-2022-9198.NASL", "ORACLELINUX_ELSA-2022-9199.NASL", "ORACLELINUX_ELSA-2022-9200.NASL", "ORACLELINUX_ELSA-2022-9201.NASL", "ORACLELINUX_ELSA-2022-9244.NASL", "ORACLELINUX_ELSA-2022-9245.NASL", "ORACLELINUX_ELSA-2022-9260.NASL", "ORACLELINUX_ELSA-2022-9264.NASL", "ORACLELINUX_ELSA-2022-9265.NASL", "ORACLELINUX_ELSA-2022-9266.NASL", "ORACLELINUX_ELSA-2022-9267.NASL", "ORACLELINUX_ELSA-2022-9270.NASL", "ORACLELINUX_ELSA-2022-9271.NASL", "ORACLELINUX_ELSA-2022-9273.NASL", "ORACLELINUX_ELSA-2022-9274.NASL", "ORACLELINUX_ELSA-2022-9313.NASL", "ORACLELINUX_ELSA-2022-9314.NASL", "ORACLELINUX_ELSA-2022-9348.NASL", "ORACLELINUX_ELSA-2022-9365.NASL", "ORACLELINUX_ELSA-2022-9368.NASL", "ORACLEVM_OVMSA-2022-0011.NASL", "ORACLEVM_OVMSA-2022-0014.NASL", "REDHAT-RHSA-2022-0592.NASL", "REDHAT-RHSA-2022-0620.NASL", "REDHAT-RHSA-2022-0622.NASL", "REDHAT-RHSA-2022-0771.NASL", "REDHAT-RHSA-2022-0772.NASL", "REDHAT-RHSA-2022-0777.NASL", "REDHAT-RHSA-2022-0819.NASL", "REDHAT-RHSA-2022-0820.NASL", "REDHAT-RHSA-2022-0821.NASL", "REDHAT-RHSA-2022-0823.NASL", "REDHAT-RHSA-2022-0825.NASL", "REDHAT-RHSA-2022-0841.NASL", "REDHAT-RHSA-2022-0849.NASL", "REDHAT-RHSA-2022-0851.NASL", "REDHAT-RHSA-2022-0925.NASL", "REDHAT-RHSA-2022-0958.NASL", "REDHAT-RHSA-2022-1103.NASL", "REDHAT-RHSA-2022-1107.NASL", "REDHAT-RHSA-2022-1263.NASL", "REDHAT-RHSA-2022-1324.NASL", "REDHAT-RHSA-2022-1373.NASL", "REDHAT-RHSA-2022-1975.NASL", "REDHAT-RHSA-2022-1988.NASL", "SLACKWARE_SSA_2022-129-01.NASL", "SL_20220223_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2022-0363-1.NASL", "SUSE_SU-2022-0364-1.NASL", "SUSE_SU-2022-0365-1.NASL", "SUSE_SU-2022-0370-1.NASL", "SUSE_SU-2022-0372-1.NASL", "SUSE_SU-2022-0543-1.NASL", "SUSE_SU-2022-0544-1.NASL", "SUSE_SU-2022-0555-1.NASL", "SUSE_SU-2022-0619-1.NASL", "SUSE_SU-2022-0660-1.NASL", "SUSE_SU-2022-0756-1.NASL", "SUSE_SU-2022-0757-1.NASL", "SUSE_SU-2022-0759-1.NASL", "SUSE_SU-2022-0761-1.NASL", "SUSE_SU-2022-0762-1.NASL", "SUSE_SU-2022-0765-1.NASL", "SUSE_SU-2022-0766-1.NASL", "SUSE_SU-2022-0767-1.NASL", "SUSE_SU-2022-0768-1.NASL", "SUSE_SU-2022-0931-1.NASL", "SUSE_SU-2022-0939-1.NASL", "SUSE_SU-2022-0940-1.NASL", "SUSE_SU-2022-1037-1.NASL", "SUSE_SU-2022-1038-1.NASL", "SUSE_SU-2022-1039-1.NASL", "SUSE_SU-2022-1163-1.NASL", "SUSE_SU-2022-1172-1.NASL", "SUSE_SU-2022-1183-1.NASL", "SUSE_SU-2022-1189-1.NASL", "SUSE_SU-2022-1193-1.NASL", "SUSE_SU-2022-1194-1.NASL", "SUSE_SU-2022-1196-1.NASL", "SUSE_SU-2022-1197-1.NASL", "SUSE_SU-2022-1212-1.NASL", "SUSE_SU-2022-1223-1.NASL", "SUSE_SU-2022-1242-1.NASL", "SUSE_SU-2022-1246-1.NASL", "SUSE_SU-2022-1255-1.NASL", "SUSE_SU-2022-1256-1.NASL", "SUSE_SU-2022-1257-1.NASL", "SUSE_SU-2022-1266-1.NASL", "SUSE_SU-2022-1267-1.NASL", "SUSE_SU-2022-1270-1.NASL", "SUSE_SU-2022-1278-1.NASL", "SUSE_SU-2022-1283-1.NASL", "SUSE_SU-2022-1285-1.NASL", "SUSE_SU-2022-1300-1.NASL", "SUSE_SU-2022-1318-1.NASL", "SUSE_SU-2022-1320-1.NASL", "SUSE_SU-2022-1322-1.NASL", "SUSE_SU-2022-1326-1.NASL", "SUSE_SU-2022-1329-1.NASL", "SUSE_SU-2022-1335-1.NASL", "SUSE_SU-2022-1359-1.NASL", "SUSE_SU-2022-1369-1.NASL", "SUSE_SU-2022-1375-1.NASL", "SUSE_SU-2022-1402-1.NASL", "SUSE_SU-2022-1407-1.NASL", "SUSE_SU-2022-1408-1.NASL", "SUSE_SU-2022-1440-1.NASL", "SUSE_SU-2022-1453-1.NASL", "SUSE_SU-2022-1486-1.NASL", "SUSE_SU-2022-14905-1.NASL", "SUSE_SU-2022-1569-1.NASL", "SUSE_SU-2022-1571-1.NASL", "SUSE_SU-2022-1573-1.NASL", "SUSE_SU-2022-1575-1.NASL", "SUSE_SU-2022-1591-1.NASL", "SUSE_SU-2022-1593-1.NASL", "SUSE_SU-2022-1605-1.NASL", "SUSE_SU-2022-1629-1.NASL", "SUSE_SU-2022-1634-1.NASL", "SUSE_SU-2022-1637-1.NASL", "SUSE_SU-2022-1651-1.NASL", "SUSE_SU-2022-1669-1.NASL", "SUSE_SU-2022-1676-1.NASL", "SUSE_SU-2022-1687-1.NASL", "SUSE_SU-2022-2079-1.NASL", "SUSE_SU-2022-2080-1.NASL", "SUSE_SU-2022-2104-1.NASL", "SUSE_SU-2022-2111-1.NASL", "SUSE_SU-2022-2268-1.NASL", "SUSE_SU-2022-2376-1.NASL", "SUSE_SU-2022-2379-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2407-1.NASL", "SUSE_SU-2022-2411-1.NASL", "SUSE_SU-2022-2422-1.NASL", "SUSE_SU-2022-2423-1.NASL", "SUSE_SU-2022-2424-1.NASL", "SUSE_SU-2022-2478-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2549-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "UBUNTU_USN-5266-1.NASL", "UBUNTU_USN-5278-1.NASL", "UBUNTU_USN-5294-1.NASL", "UBUNTU_USN-5294-2.NASL", "UBUNTU_USN-5295-1.NASL", "UBUNTU_USN-5295-2.NASL", "UBUNTU_USN-5297-1.NASL", "UBUNTU_USN-5298-1.NASL", "UBUNTU_USN-5302-1.NASL", "UBUNTU_USN-5317-1.NASL", "UBUNTU_USN-5318-1.NASL", "UBUNTU_USN-5362-1.NASL", "UBUNTU_USN-5381-1.NASL", "UBUNTU_USN-5383-1.NASL", "UBUNTU_USN-5384-1.NASL", "UBUNTU_USN-5385-1.NASL", "UBUNTU_USN-5390-1.NASL", "UBUNTU_USN-5390-2.NASL", "UBUNTU_USN-5415-1.NASL", "UBUNTU_USN-5416-1.NASL", "UBUNTU_USN-5417-1.NASL", "UBUNTU_USN-5418-1.NASL", "UBUNTU_USN-5466-1.NASL", "UBUNTU_USN-5467-1.NASL", "UBUNTU_USN-5468-1.NASL", "UBUNTU_USN-5469-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0620", "ELSA-2022-0825", "ELSA-2022-1988", "ELSA-2022-9198", "ELSA-2022-9199", "ELSA-2022-9200", "ELSA-2022-9201", "ELSA-2022-9244", "ELSA-2022-9245", "ELSA-2022-9260", "ELSA-2022-9264", "ELSA-2022-9265", "ELSA-2022-9266", "ELSA-2022-9267", "ELSA-2022-9270", "ELSA-2022-9271", "ELSA-2022-9273", "ELSA-2022-9313", "ELSA-2022-9314", "ELSA-2022-9348", "ELSA-2022-9365", "ELSA-2022-9368"]}, {"type": "osv", "idList": ["OSV:DLA-2940-1", "OSV:DLA-2941-1", "OSV:DLA-3065-1", "OSV:DSA-5092-1", "OSV:DSA-5095-1", "OSV:DSA-5096-1", "OSV:DSA-5127-1", "OSV:DSA-5173-1"]}, {"type": "photon", "idList": ["PHSA-2022-0148", "PHSA-2022-0168", "PHSA-2022-0356", "PHSA-2022-0376", "PHSA-2022-0393", "PHSA-2022-0459"]}, {"type": "redhat", "idList": ["RHSA-2022:0592", "RHSA-2022:0620", "RHSA-2022:0622", "RHSA-2022:0771", "RHSA-2022:0772", "RHSA-2022:0777", "RHSA-2022:0819", "RHSA-2022:0820", "RHSA-2022:0821", "RHSA-2022:0823", "RHSA-2022:0825", "RHSA-2022:0841", "RHSA-2022:0849", "RHSA-2022:0851", "RHSA-2022:0856", "RHSA-2022:0925", "RHSA-2022:0958", "RHSA-2022:1083", "RHSA-2022:1103", "RHSA-2022:1107", "RHSA-2022:1263", "RHSA-2022:1324", "RHSA-2022:1373", "RHSA-2022:1396", "RHSA-2022:1476", "RHSA-2022:1975", "RHSA-2022:1988", "RHSA-2022:4814", "RHSA-2022:4956", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:5483"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-36516", "RH:CVE-2021-22600", "RH:CVE-2021-26341", "RH:CVE-2021-26401", "RH:CVE-2022-0617", "RH:CVE-2022-1016", "RH:CVE-2022-1158", "RH:CVE-2022-22942", "RH:CVE-2022-23960", "RH:CVE-2022-24448", "RH:CVE-2022-26966"]}, {"type": "slackware", "idList": ["SSA-2022-129-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0363-1", "OPENSUSE-SU-2022:0370-1", "OPENSUSE-SU-2022:0768-1", "OPENSUSE-SU-2022:0940-1", "OPENSUSE-SU-2022:1037-1", "OPENSUSE-SU-2022:1039-1", "SUSE-SU-2022:1163-1", "SUSE-SU-2022:1183-1", "SUSE-SU-2022:1256-1", "SUSE-SU-2022:1676-1", "SUSE-SU-2022:1687-1", "SUSE-SU-2022:2079-1", "SUSE-SU-2022:2111-1", "SUSE-SU-2022:2376-1", "SUSE-SU-2022:2411-1", "SUSE-SU-2022:2422-1", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2549-1", "SUSE-SU-2022:2615-1"]}, {"type": "thn", "idList": ["THN:D83BCA7444B07BB4964502B0F216E095"]}, {"type": "ubuntu", "idList": ["USN-5266-1", "USN-5278-1", "USN-5294-1", "USN-5294-2", "USN-5295-1", "USN-5295-2", "USN-5297-1", "USN-5298-1", "USN-5302-1", "USN-5317-1", "USN-5318-1", "USN-5362-1", "USN-5381-1", "USN-5383-1", "USN-5384-1", "USN-5385-1", "USN-5390-1", "USN-5390-2", "USN-5415-1", "USN-5416-1", "USN-5417-1", "USN-5418-1", "USN-5466-1", "USN-5467-1", "USN-5468-1", "USN-5469-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-36516", "UB:CVE-2021-22600", "UB:CVE-2021-26401", "UB:CVE-2022-0617", "UB:CVE-2022-1016", "UB:CVE-2022-1158", "UB:CVE-2022-22942", "UB:CVE-2022-23960", "UB:CVE-2022-24448", "UB:CVE-2022-26966"]}, {"type": "veracode", "idList": ["VERACODE:34088", "VERACODE:34347", "VERACODE:35280", "VERACODE:35281", "VERACODE:35289", "VERACODE:35531", "VERACODE:35533", "VERACODE:36022", "VERACODE:36099"]}, {"type": "xen", "idList": ["XSA-398"]}]}, "epss": [{"cve": "CVE-2020-36516", "epss": "0.000470000", "percentile": "0.142870000", "modified": "2023-03-19"}, {"cve": "CVE-2021-22600", "epss": "0.000630000", "percentile": "0.247250000", "modified": "2023-03-19"}, {"cve": "CVE-2021-26341", "epss": "0.000430000", "percentile": "0.069270000", "modified": "2023-03-19"}, {"cve": "CVE-2021-26401", "epss": "0.000430000", "percentile": "0.069270000", "modified": "2023-03-19"}, {"cve": "CVE-2022-0617", "epss": "0.000420000", "percentile": "0.056360000", "modified": "2023-03-19"}, {"cve": "CVE-2022-1016", "epss": "0.000450000", "percentile": "0.121930000", "modified": "2023-03-19"}, {"cve": "CVE-2022-1158", "epss": "0.000420000", "percentile": "0.056360000", "modified": "2023-03-19"}, {"cve": "CVE-2022-23960", "epss": "0.000520000", "percentile": "0.182190000", "modified": "2023-03-19"}, {"cve": "CVE-2022-24448", "epss": "0.000460000", "percentile": "0.128480000", "modified": "2023-03-19"}, {"cve": "CVE-2022-26966", "epss": "0.000450000", "percentile": "0.118840000", "modified": "2023-03-19"}], "vulnersScore": 0.9}, "_state": {"score": 1659972467, "dependencies": 1660016219, "epss": 1679288289}, "_internal": {"score_hash": "86878c47ba647177261c1694d1199bdc"}, "affectedPackage": [{"OS": "oracle linux", "OSVersion": "7", "arch": "src", "packageVersion": "5.4.17-2136.306.1.3.el7", "packageFilename": "kernel-uek-container-5.4.17-2136.306.1.3.el7.src.rpm", "operator": "lt", "packageName": "kernel-uek-container"}, {"OS": "oracle linux", "OSVersion": "7", "arch": "x86_64", "packageVersion": "5.4.17-2136.306.1.3.el7", "packageFilename": "kernel-uek-container-5.4.17-2136.306.1.3.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-uek-container"}, {"OS": "oracle linux", "OSVersion": "7", "arch": "x86_64", "packageVersion": "5.4.17-2136.306.1.3.el7", "packageFilename": "kernel-uek-container-debug-5.4.17-2136.306.1.3.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-uek-container-debug"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "5.4.17-2136.306.1.3.el8", "packageFilename": "kernel-uek-container-5.4.17-2136.306.1.3.el8.src.rpm", "operator": "lt", "packageName": "kernel-uek-container"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "5.4.17-2136.306.1.3.el8", "packageFilename": "kernel-uek-container-5.4.17-2136.306.1.3.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-uek-container"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "5.4.17-2136.306.1.3.el8", "packageFilename": "kernel-uek-container-debug-5.4.17-2136.306.1.3.el8.x86_64.rpm", "operator": "lt", "packageName": "kernel-uek-container-debug"}]}

{"oraclelinux": [{"lastseen": "2022-04-11T23:30:28", "description": "[5.4.17-2136.306.1.3]\n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34053807] {CVE-2022-1158}\n[5.4.17-2136.306.1.2]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34045203]\n[5.4.17-2136.306.1.1]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34035701] {CVE-2022-1016}\n- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34035682]\n[5.4.17-2136.306.1]\n- sr9700: sanity check for packet length (Brian Maly) [Orabug: 33962705] {CVE-2022-26966}\n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) [Orabug: 33835787] {CVE-2021-22600}\n- KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (Krish Sadhukhan) [Orabug: 33921125] \n- x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (Krish Sadhukhan) [Orabug: 33921125] \n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940519] \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958154] {CVE-2022-24448}\n- Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33958240] \n- Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33958240] \n- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076] \n- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420] \n- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420] \n- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261] \n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776] \n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}\n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016] \n- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851] \n- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748] \n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799] \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430] \n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471] \n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] {CVE-2022-23960}\n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127] \n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076] \n- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420] \n- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420] \n- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261] \n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776] \n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}\n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016] \n- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851] \n- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748] \n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799] \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430] \n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471] \n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] \n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] \n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] \n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] \n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] \n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] \n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] \n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] \n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] \n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] \n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] \n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] \n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] \n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] \n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] \n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] \n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] \n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] \n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] \n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] \n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] \n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] \n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] \n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26341}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127] \n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}\n- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820760] \n- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820760] \n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820760]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-22600", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0617", "CVE-2022-1016", "CVE-2022-1158", "CVE-2022-22942", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2022-04-11T00:00:00", "id": "ELSA-2022-9273", "href": "http://linux.oracle.com/errata/ELSA-2022-9273.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:39:43", "description": "[4.14.35-2047.512.6]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] \n- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774]\n[4.14.35-2047.512.5]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016}\n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] \n- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149}\n- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966}\n[4.14.35-2047.512.4]\n- Linux 4.14.265 (Greg Kroah-Hartman) \n- ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) \n- EDAC/xgene: Fix deferred probing (Sergey Shtylyov) \n- EDAC/altera: Fix deferred probing (Sergey Shtylyov) \n- rtc: cmos: Evaluate century appropriate (Riwen Lu) \n- selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) \n- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) \n- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) \n- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) \n- drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) \n- net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) \n- net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) \n- net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) \n- spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) \n- spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) \n- spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) \n- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) \n- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) \n- RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) \n- block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) \n- drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) \n- audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) \n- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) \n- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) \n- net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) \n- net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) \n- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) \n- netfilter: nat: limit port clash resolution attempts (Florian Westphal) \n- netfilter: nat: remove l4 protocol port rovers (Florian Westphal) \n- bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) \n- ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) \n- yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) \n- ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) \n- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) \n- drm/msm: Fix wrong size calculation (Xianting Tian) \n- net-procfs: show net devices bound packet types (Jianguo Wu) \n- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) \n- hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) \n- ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) \n- net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) \n- ipv6_tunnel: Rate limit warning messages (Ido Schimmel) \n- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) \n- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) \n- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) \n- i40e: fix unsigned stat widths (Joe Damato) \n- i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) \n- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) \n- powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) \n- net: sfp: ignore disabled SFP node (Marek Behun) \n- usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) \n- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) \n- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) \n- usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) \n- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) \n- tty: Add support for Brainboxes UC cards. (Cameron Williams) \n- tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) \n- serial: stm32: fix software flow control transfer (Valentin Caron) \n- netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) \n- PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) \n- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) \n- s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) \n- Bluetooth: refactor malicious adv data check (Brian Gix) \n- Linux 4.14.264 (Greg Kroah-Hartman) \n- can: bcm: fix UAF of bcm op (Ziyang Xuan) \n- Linux 4.14.263 (Greg Kroah-Hartman) \n- gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) \n- gianfar: simplify FCS handling and fix memory leak (Andy Spencer) \n- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) \n- mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) \n- lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) \n- scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) \n- bcmgenet: add WOL IRQ check (Sergey Shtylyov) \n- net_sched: restore 'mpu xxx' handling (Kevin Bracey) \n- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) \n- dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) \n- dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) \n- dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) \n- netns: add schedule point in ops_exit_list() (Eric Dumazet) \n- net: axienet: fix number of TX ring slots for available check (Robert Hancock) \n- net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) \n- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) \n- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) \n- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) \n- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) \n- powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) \n- RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) \n- RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) \n- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) \n- firmware: Update Kconfig help text for Google firmware (Ben Hutchings) \n- drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) \n- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) \n- ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) \n- ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) \n- ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) \n- ext4: make sure quota gets properly shutdown on error (Jan Kara) \n- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) \n- cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) \n- serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) \n- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) \n- power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) \n- ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) \n- scsi: sr: Don't use GFP_DMA (Christoph Hellwig) \n- MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) \n- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) \n- MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) \n- ALSA: seq: Set upper limit of processed events (Takashi Iwai) \n- w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) \n- i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) \n- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) \n- i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) \n- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) \n- powerpc/btext: add missing of_node_put (Julia Lawall) \n- powerpc/cell: add missing of_node_put (Julia Lawall) \n- powerpc/powernv: add missing of_node_put (Julia Lawall) \n- powerpc/6xx: add missing of_node_put (Julia Lawall) \n- parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) \n- serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) \n- serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) \n- net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) \n- dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) \n- dm btree: add a defensive bounds check to insert_at() (Joe Thornber) \n- mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) \n- net: mdio: Demote probed message to debug print (Florian Fainelli) \n- btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) \n- btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) \n- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) \n- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) \n- ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) \n- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) \n- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) \n- um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) \n- iwlwifi: remove module loading failure message (Johannes Berg) \n- iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) \n- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) \n- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) \n- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) \n- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) \n- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: igorplugusb: receiver overflow should be reported (Sean Young) \n- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) \n- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) \n- ath10k: Fix tx hanging (Sebastian Gottschall) \n- iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) \n- media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) \n- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) \n- floppy: Add max size check for user space request (Xiongwei Song) \n- usb: uhci: add aspeed ast2600 uhci support (Neal Liu) \n- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) \n- HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) \n- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) \n- drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) \n- mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) \n- media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) \n- HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) \n- usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) \n- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) \n- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) \n- fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) \n- Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) \n- RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) \n- mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) \n- mips: lantiq: add support for clk_set_parent() (Randy Dunlap) \n- misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) \n- ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) \n- iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) \n- dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) \n- RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) \n- scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) \n- char/mwave: Adjust io port register size (Kees Cook) \n- ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) \n- powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) \n- RDMA/hns: Validate the pkey index (Kamal Heib) \n- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ext4: avoid trim error on fs with small groups (Jan Kara) \n- net: mcs7830: handle usb read errors properly (Pavel Skripkin) \n- pcmcia: fix setting of kthread task states (Dominik Brodowski) \n- can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) \n- can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) \n- tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) \n- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) \n- fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) \n- ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) \n- x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) \n- usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) \n- media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) \n- media: dw2102: Fix use after free (Anton Vasilyev) \n- sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) \n- media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) \n- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) \n- media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) \n- floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) \n- serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) \n- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) \n- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) \n- arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) \n- netfilter: bridge: add support for pppoe filtering (Florian Westphal) \n- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) \n- tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) \n- tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) \n- crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) \n- media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) \n- Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) \n- media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) \n- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) \n- clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) \n- clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) \n- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) \n- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) \n- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) \n- can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) \n- media: stk1160: fix control-message timeouts (Johan Hovold) \n- media: pvrusb2: fix control-message timeouts (Johan Hovold) \n- media: redrat3: fix control-message timeouts (Johan Hovold) \n- media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) \n- media: s2255: fix control-message timeouts (Johan Hovold) \n- media: cpia2: fix control-message timeouts (Johan Hovold) \n- media: em28xx: fix control-message timeouts (Johan Hovold) \n- media: mceusb: fix control-message timeouts (Johan Hovold) \n- media: flexcop-usb: fix control-message timeouts (Johan Hovold) \n- rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) \n- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) \n- HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) \n- HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) \n- HID: uhid: Fix worker destroying device without any protection (Jann Horn) \n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) \n- Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) \n- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) \n- media: uvcvideo: fix division by zero at stream start (Johan Hovold) \n- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) \n- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) \n- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) \n- random: fix data race on crng init time (Eric Biggers) \n- random: fix data race on crng_node_pool (Eric Biggers) \n- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) \n- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) \n- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) \n- USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) \n- USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) \n- Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) \n- Linux 4.14.262 (Greg Kroah-Hartman) \n- mISDN: change function names to avoid conflicts (wolfgang huang) \n- net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) \n- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) \n- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) \n- ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) \n- ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) \n- phonet: refcount leak in pep_sock_accep (Hangyu Hua) \n- rndis_host: support Hytera digital radios (Thomas Toye) \n- power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) \n- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) \n- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) \n- ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) \n- i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) \n- i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) \n- mac80211: initialize variable have_higher_than_11mbit (Tom Rix) \n- RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) \n- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) \n- virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) \n- tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) \n- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) \n- Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai)\n[4.14.35-2047.512.3]\n- lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317}\n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] \n- uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] \n- uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] \n- sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448}\n- Linux 4.14.261 (Greg Kroah-Hartman) \n- sctp: use call_rcu to free endpoint (Xin Long) \n- net: fix use-after-free in tw_timer_handler (Muchun Song) \n- Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) \n- Input: appletouch - initialize work before device registration (Pavel Skripkin) \n- binder: fix async_free_space accounting for empty parcels (Todd Kjos) \n- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) \n- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) \n- uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) \n- nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) \n- fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) \n- NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) \n- net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) \n- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) \n- selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) \n- recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) \n- platform/x86: apple-gmux: use resource_size() with res (Wang Qing) \n- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) \n- Linux 4.14.260 (Greg Kroah-Hartman) \n- phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) \n- hamradio: improve the incomplete fix to avoid NPD (Lin Ma) \n- hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) \n- ax25: NPD bug when detaching AX25 device (Lin Ma) \n- hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) \n- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) \n- usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) \n- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) \n- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) \n- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) \n- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) \n- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) \n- ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) \n- ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) \n- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) \n- sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- drivers: net: smc911x: Check for error irq (Jiasheng Jiang) \n- fjes: Check for error irq (Jiasheng Jiang) \n- bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) \n- net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) \n- qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) \n- HID: holtek: fix mouse probing (Benjamin Tissoires) \n- can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) \n- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] \n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] \n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942}\n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330}\n- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] \n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] \n- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] \n- Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] \n- dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] \n- dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] \n- dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] \n- dm: add dust target (Bryan Gurney) [Orabug: 33653698] \n- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002}\n- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341] \n- uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558]\n[4.14.35-2047.512.1]\n- Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] \n- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435}\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492}\n- blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] \n- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598]\n[4.14.35-2047.512.0]\n- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] \n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] \n- RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] \n- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] \n- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] \n- uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] \n- dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] \n- drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] \n- drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] \n- arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] \n- drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] \n- net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] \n- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] \n- Linux 4.14.259 (Greg Kroah-Hartman) \n- xen/console: harden hvc_xen against event channel storms (Juergen Gross) \n- Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) \n- ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) \n- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) \n- ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) \n- net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) \n- fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) \n- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) \n- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) \n- net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) \n- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) \n- timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) \n- USB: serial: option: add Telit FN990 compositions (Daniele Palmas) \n- PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) \n- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) \n- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) \n- sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) \n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) \n- ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) \n- igbvf: fix double free in 'igbvf_probe' (Letu Ren) \n- soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) \n- dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) \n- ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) \n- x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) \n- nfsd: fix use-after-free due to delegation race (J. Bruce Fields) \n- audit: improve robustness of the audit queue handling (Paul Moore) \n- dm btree remove: fix use after free in rebalance_children() (Joe Thornber) \n- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) \n- mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) \n- hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) \n- bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) \n- tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) \n- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) \n- i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) \n- parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) \n- net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) \n- drm/msm/dsi: set default num_data_lanes (Philip Chen) \n- nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) \n- Linux 4.14.258 (Greg Kroah-Hartman) \n- irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) \n- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) \n- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) \n- irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) \n- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) \n- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) \n- iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) \n- iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) \n- iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) \n- iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) \n- iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) \n- iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) \n- iio: trigger: Fix reference counting (Lars-Peter Clausen) \n- usb: core: config: using bit mask instead of individual bits (Pavel Hofman) \n- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) \n- usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) \n- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) \n- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) \n- net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) \n- net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) \n- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) \n- net: altera: set a couple error code in probe() (Dan Carpenter) \n- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) \n- qede: validate non LSO skb length (Manish Chopra) \n- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) \n- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) \n- signalfd: use wake_up_pollfree() (Eric Biggers) \n- binder: use wake_up_pollfree() (Eric Biggers) \n- wait: add wake_up_pollfree() (Eric Biggers) \n- libata: add horkage for ASMedia 1092 (Hannes Reinecke) \n- can: m_can: Disable and ignore ELO interrupt (Brian Silverman) \n- can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) \n- tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) \n- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) \n- ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) \n- ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) \n- ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) \n- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) \n- IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) \n- seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) \n- nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) \n- bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) \n- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) \n- can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) \n- HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) \n- HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) \n- HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) \n- Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199}\n- parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) \n- serial: core: fix transmit-buffer reset and memleak (Johan Hovold) \n- serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) \n- tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) \n- x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) \n- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) \n- xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) \n- vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) \n- parisc: Fix 'make install' on newer debian releases (Helge Deller) \n- parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) \n- net/smc: Keep smc_close_final rc during active close (Tony Lu) \n- net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) \n- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) \n- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) \n- siphash: use _unaligned version by default (Arnd Bergmann) \n- net: mpls: Fix notifications when deleting a device (Benjamin Poirier) \n- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) \n- natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) \n- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) \n- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) \n- kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) \n- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) \n- perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) \n- net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) \n- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) \n- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) \n- scsi: iscsi: Unblock session then wake up error handler (Mike Christie) \n- thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) \n- btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) \n- s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) \n- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) \n- net: return correct error code (liuguoqiang) \n- NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) \n- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) \n- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) \n- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) \n- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) \n- fuse: release pipe buf after last use (Miklos Szeredi) \n- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) \n- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) \n- arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) \n- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) \n- pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) \n- pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) \n- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) \n- PCI: aardvark: Fix link training (Pali Rohar) \n- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) \n- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) \n- PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) \n- PCI: aardvark: Update comment about disabling link training (Pali Rohar) \n- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) \n- PCI: aardvark: Fix compilation on s390 (Pali Rohar) \n- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) \n- PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) \n- PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) \n- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) \n- PCI: aardvark: Issue PERST via GPIO (Pali Rohar) \n- PCI: aardvark: Improve link training (Marek Behun) \n- PCI: aardvark: Train link immediately after enabling training (Pali Rohar) \n- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) \n- PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) \n- PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) \n- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) \n- tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) \n- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) \n- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) \n- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) \n- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) \n- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) \n- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) \n- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) \n- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) \n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) \n- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) \n- net: ieee802154: handle iftypes as u32 (Alexander Aring) \n- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) \n- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) \n- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) \n- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) \n- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) \n- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) \n- fuse: fix page stealing (Miklos Szeredi) \n- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) \n- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) \n- media: cec: copy sequence field for the reply (Hans Verkuil) \n- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) \n- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) \n- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) \n- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) \n- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20317", "CVE-2021-26401", "CVE-2021-4002", "CVE-2021-4149", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1016", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2022-04-25T00:00:00", "id": "ELSA-2022-9313", "href": "http://linux.oracle.com/errata/ELSA-2022-9313.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:39:51", "description": "[4.14.35-2047.512.6.el7]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] \n- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774]\n[4.14.35-2047.512.5]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016}\n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] \n- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149}\n- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966}\n[4.14.35-2047.512.4]\n- Linux 4.14.265 (Greg Kroah-Hartman) \n- ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) \n- EDAC/xgene: Fix deferred probing (Sergey Shtylyov) \n- EDAC/altera: Fix deferred probing (Sergey Shtylyov) \n- rtc: cmos: Evaluate century appropriate (Riwen Lu) \n- selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) \n- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) \n- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) \n- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) \n- drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) \n- net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) \n- net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) \n- net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) \n- spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) \n- spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) \n- spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) \n- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) \n- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) \n- RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) \n- block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) \n- drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) \n- audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) \n- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) \n- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) \n- net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) \n- net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) \n- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) \n- netfilter: nat: limit port clash resolution attempts (Florian Westphal) \n- netfilter: nat: remove l4 protocol port rovers (Florian Westphal) \n- bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) \n- ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) \n- yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) \n- ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) \n- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) \n- drm/msm: Fix wrong size calculation (Xianting Tian) \n- net-procfs: show net devices bound packet types (Jianguo Wu) \n- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) \n- hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) \n- ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) \n- net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) \n- ipv6_tunnel: Rate limit warning messages (Ido Schimmel) \n- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) \n- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) \n- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) \n- i40e: fix unsigned stat widths (Joe Damato) \n- i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) \n- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) \n- powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) \n- net: sfp: ignore disabled SFP node (Marek Behun) \n- usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) \n- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) \n- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) \n- usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) \n- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) \n- tty: Add support for Brainboxes UC cards. (Cameron Williams) \n- tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) \n- serial: stm32: fix software flow control transfer (Valentin Caron) \n- netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) \n- PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) \n- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) \n- s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) \n- Bluetooth: refactor malicious adv data check (Brian Gix) \n- Linux 4.14.264 (Greg Kroah-Hartman) \n- can: bcm: fix UAF of bcm op (Ziyang Xuan) \n- Linux 4.14.263 (Greg Kroah-Hartman) \n- gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) \n- gianfar: simplify FCS handling and fix memory leak (Andy Spencer) \n- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) \n- mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) \n- lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) \n- scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) \n- bcmgenet: add WOL IRQ check (Sergey Shtylyov) \n- net_sched: restore 'mpu xxx' handling (Kevin Bracey) \n- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) \n- dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) \n- dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) \n- dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) \n- netns: add schedule point in ops_exit_list() (Eric Dumazet) \n- net: axienet: fix number of TX ring slots for available check (Robert Hancock) \n- net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) \n- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) \n- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) \n- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) \n- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) \n- powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) \n- RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) \n- RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) \n- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) \n- firmware: Update Kconfig help text for Google firmware (Ben Hutchings) \n- drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) \n- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) \n- ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) \n- ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) \n- ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) \n- ext4: make sure quota gets properly shutdown on error (Jan Kara) \n- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) \n- cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) \n- serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) \n- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) \n- power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) \n- ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) \n- scsi: sr: Don't use GFP_DMA (Christoph Hellwig) \n- MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) \n- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) \n- MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) \n- ALSA: seq: Set upper limit of processed events (Takashi Iwai) \n- w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) \n- i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) \n- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) \n- i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) \n- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) \n- powerpc/btext: add missing of_node_put (Julia Lawall) \n- powerpc/cell: add missing of_node_put (Julia Lawall) \n- powerpc/powernv: add missing of_node_put (Julia Lawall) \n- powerpc/6xx: add missing of_node_put (Julia Lawall) \n- parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) \n- serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) \n- serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) \n- net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) \n- dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) \n- dm btree: add a defensive bounds check to insert_at() (Joe Thornber) \n- mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) \n- net: mdio: Demote probed message to debug print (Florian Fainelli) \n- btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) \n- btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) \n- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) \n- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) \n- ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) \n- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) \n- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) \n- um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) \n- iwlwifi: remove module loading failure message (Johannes Berg) \n- iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) \n- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) \n- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) \n- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) \n- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) \n- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: igorplugusb: receiver overflow should be reported (Sean Young) \n- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) \n- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) \n- ath10k: Fix tx hanging (Sebastian Gottschall) \n- iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) \n- media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) \n- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) \n- floppy: Add max size check for user space request (Xiongwei Song) \n- usb: uhci: add aspeed ast2600 uhci support (Neal Liu) \n- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) \n- HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) \n- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) \n- drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) \n- mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) \n- media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) \n- HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) \n- usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) \n- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) \n- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) \n- fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) \n- Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) \n- RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) \n- mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) \n- mips: lantiq: add support for clk_set_parent() (Randy Dunlap) \n- misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) \n- ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) \n- iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) \n- dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) \n- RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) \n- scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) \n- char/mwave: Adjust io port register size (Kees Cook) \n- ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) \n- powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) \n- RDMA/hns: Validate the pkey index (Kamal Heib) \n- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ext4: avoid trim error on fs with small groups (Jan Kara) \n- net: mcs7830: handle usb read errors properly (Pavel Skripkin) \n- pcmcia: fix setting of kthread task states (Dominik Brodowski) \n- can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) \n- can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) \n- tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) \n- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) \n- fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) \n- ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) \n- x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) \n- usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) \n- media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) \n- media: dw2102: Fix use after free (Anton Vasilyev) \n- sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) \n- media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) \n- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) \n- media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) \n- floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) \n- serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) \n- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) \n- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) \n- arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) \n- netfilter: bridge: add support for pppoe filtering (Florian Westphal) \n- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) \n- tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) \n- tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) \n- crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) \n- media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) \n- Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) \n- media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) \n- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) \n- clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) \n- clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) \n- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) \n- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) \n- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) \n- can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) \n- media: stk1160: fix control-message timeouts (Johan Hovold) \n- media: pvrusb2: fix control-message timeouts (Johan Hovold) \n- media: redrat3: fix control-message timeouts (Johan Hovold) \n- media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) \n- media: s2255: fix control-message timeouts (Johan Hovold) \n- media: cpia2: fix control-message timeouts (Johan Hovold) \n- media: em28xx: fix control-message timeouts (Johan Hovold) \n- media: mceusb: fix control-message timeouts (Johan Hovold) \n- media: flexcop-usb: fix control-message timeouts (Johan Hovold) \n- rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) \n- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) \n- HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) \n- HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) \n- HID: uhid: Fix worker destroying device without any protection (Jann Horn) \n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) \n- Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) \n- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) \n- media: uvcvideo: fix division by zero at stream start (Johan Hovold) \n- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) \n- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) \n- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) \n- random: fix data race on crng init time (Eric Biggers) \n- random: fix data race on crng_node_pool (Eric Biggers) \n- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) \n- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) \n- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) \n- USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) \n- USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) \n- Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) \n- Linux 4.14.262 (Greg Kroah-Hartman) \n- mISDN: change function names to avoid conflicts (wolfgang huang) \n- net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) \n- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) \n- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) \n- ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) \n- ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) \n- phonet: refcount leak in pep_sock_accep (Hangyu Hua) \n- rndis_host: support Hytera digital radios (Thomas Toye) \n- power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) \n- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) \n- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) \n- ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) \n- i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) \n- i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) \n- mac80211: initialize variable have_higher_than_11mbit (Tom Rix) \n- RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) \n- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) \n- virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) \n- tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) \n- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) \n- Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai)\n[4.14.35-2047.512.3]\n- lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317}\n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] \n- uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] \n- uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] \n- sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448}\n- Linux 4.14.261 (Greg Kroah-Hartman) \n- sctp: use call_rcu to free endpoint (Xin Long) \n- net: fix use-after-free in tw_timer_handler (Muchun Song) \n- Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) \n- Input: appletouch - initialize work before device registration (Pavel Skripkin) \n- binder: fix async_free_space accounting for empty parcels (Todd Kjos) \n- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) \n- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) \n- uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) \n- nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) \n- fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) \n- NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) \n- net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) \n- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) \n- selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) \n- recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) \n- platform/x86: apple-gmux: use resource_size() with res (Wang Qing) \n- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) \n- Linux 4.14.260 (Greg Kroah-Hartman) \n- phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) \n- hamradio: improve the incomplete fix to avoid NPD (Lin Ma) \n- hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) \n- ax25: NPD bug when detaching AX25 device (Lin Ma) \n- hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) \n- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) \n- usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) \n- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) \n- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) \n- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) \n- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) \n- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) \n- ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) \n- ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) \n- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) \n- sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- drivers: net: smc911x: Check for error irq (Jiasheng Jiang) \n- fjes: Check for error irq (Jiasheng Jiang) \n- bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) \n- net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) \n- qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) \n- HID: holtek: fix mouse probing (Benjamin Tissoires) \n- can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) \n- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] \n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] \n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942}\n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330}\n- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] \n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] \n- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] \n- Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] \n- dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] \n- dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] \n- dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] \n- dm: add dust target (Bryan Gurney) [Orabug: 33653698] \n- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002}\n- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341] \n- uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558]\n[4.14.35-2047.512.1]\n- Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] \n- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435}\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492}\n- blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] \n- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598]\n[4.14.35-2047.512.0]\n- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] \n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] \n- RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] \n- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] \n- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] \n- uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] \n- dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] \n- drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] \n- drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] \n- arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] \n- drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] \n- net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] \n- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] \n- Linux 4.14.259 (Greg Kroah-Hartman) \n- xen/console: harden hvc_xen against event channel storms (Juergen Gross) \n- Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) \n- ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) \n- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) \n- ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) \n- net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) \n- fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) \n- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) \n- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) \n- net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) \n- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) \n- timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) \n- USB: serial: option: add Telit FN990 compositions (Daniele Palmas) \n- PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) \n- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) \n- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) \n- sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) \n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) \n- ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) \n- igbvf: fix double free in 'igbvf_probe' (Letu Ren) \n- soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) \n- dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) \n- ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) \n- x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) \n- nfsd: fix use-after-free due to delegation race (J. Bruce Fields) \n- audit: improve robustness of the audit queue handling (Paul Moore) \n- dm btree remove: fix use after free in rebalance_children() (Joe Thornber) \n- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) \n- mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) \n- hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) \n- bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) \n- tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) \n- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) \n- i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) \n- parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) \n- net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) \n- drm/msm/dsi: set default num_data_lanes (Philip Chen) \n- nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) \n- Linux 4.14.258 (Greg Kroah-Hartman) \n- irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) \n- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) \n- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) \n- irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) \n- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) \n- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) \n- iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) \n- iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) \n- iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) \n- iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) \n- iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) \n- iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) \n- iio: trigger: Fix reference counting (Lars-Peter Clausen) \n- usb: core: config: using bit mask instead of individual bits (Pavel Hofman) \n- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) \n- usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) \n- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) \n- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) \n- net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) \n- net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) \n- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) \n- net: altera: set a couple error code in probe() (Dan Carpenter) \n- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) \n- qede: validate non LSO skb length (Manish Chopra) \n- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) \n- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) \n- signalfd: use wake_up_pollfree() (Eric Biggers) \n- binder: use wake_up_pollfree() (Eric Biggers) \n- wait: add wake_up_pollfree() (Eric Biggers) \n- libata: add horkage for ASMedia 1092 (Hannes Reinecke) \n- can: m_can: Disable and ignore ELO interrupt (Brian Silverman) \n- can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) \n- tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) \n- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) \n- ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) \n- ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) \n- ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) \n- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) \n- IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) \n- seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) \n- nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) \n- bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) \n- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) \n- can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) \n- HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) \n- HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) \n- HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) \n- Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199}\n- parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) \n- serial: core: fix transmit-buffer reset and memleak (Johan Hovold) \n- serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) \n- tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) \n- x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) \n- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) \n- xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) \n- vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) \n- parisc: Fix 'make install' on newer debian releases (Helge Deller) \n- parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) \n- net/smc: Keep smc_close_final rc during active close (Tony Lu) \n- net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) \n- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) \n- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) \n- siphash: use _unaligned version by default (Arnd Bergmann) \n- net: mpls: Fix notifications when deleting a device (Benjamin Poirier) \n- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) \n- natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) \n- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) \n- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) \n- kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) \n- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) \n- perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) \n- net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) \n- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) \n- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) \n- scsi: iscsi: Unblock session then wake up error handler (Mike Christie) \n- thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) \n- btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) \n- s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) \n- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) \n- net: return correct error code (liuguoqiang) \n- NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) \n- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) \n- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) \n- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) \n- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) \n- fuse: release pipe buf after last use (Miklos Szeredi) \n- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) \n- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) \n- arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) \n- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) \n- pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) \n- pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) \n- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) \n- PCI: aardvark: Fix link training (Pali Rohar) \n- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) \n- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) \n- PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) \n- PCI: aardvark: Update comment about disabling link training (Pali Rohar) \n- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) \n- PCI: aardvark: Fix compilation on s390 (Pali Rohar) \n- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) \n- PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) \n- PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) \n- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) \n- PCI: aardvark: Issue PERST via GPIO (Pali Rohar) \n- PCI: aardvark: Improve link training (Marek Behun) \n- PCI: aardvark: Train link immediately after enabling training (Pali Rohar) \n- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) \n- PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) \n- PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) \n- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) \n- tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) \n- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) \n- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) \n- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) \n- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) \n- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) \n- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) \n- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) \n- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) \n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) \n- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) \n- net: ieee802154: handle iftypes as u32 (Alexander Aring) \n- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) \n- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) \n- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) \n- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) \n- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) \n- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) \n- fuse: fix page stealing (Miklos Szeredi) \n- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) \n- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) \n- media: cec: copy sequence field for the reply (Hans Verkuil) \n- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) \n- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) \n- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) \n- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) \n- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20317", "CVE-2021-26401", "CVE-2021-4002", "CVE-2021-4149", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1016", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2022-04-25T00:00:00", "id": "ELSA-2022-9314", "href": "http://linux.oracle.com/errata/ELSA-2022-9314.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-07T17:29:38", "description": "[4.1.12-124.61.2]\n- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34023956]\n[4.1.12-124.61.1]\n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835812] {CVE-2022-0330}\n- drm/i915: Reduce locking in execlist command submission (Chris Wilson) [Orabug: 33835812] {CVE-2022-0330}\n- ipv4: make exception cache less predictible (Eric Dumazet) [Orabug: 33894531] {CVE-2021-20322}\n- route: also update fnhe_genid when updating a route cache (Xin Long) [Orabug: 33894531] {CVE-2021-20322}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- sctp: add vtag check in sctp_sf_violation (Xin Long) [Orabug: 33924717] {CVE-2021-3772}\n- sctp: use init_tag from inithdr for ABORT chunk (Xin Long) [Orabug: 33924717] {CVE-2021-3772}\n- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962995] {CVE-2022-26966}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20322", "CVE-2021-3772", "CVE-2022-0330", "CVE-2022-26966"], "modified": "2022-04-05T00:00:00", "id": "ELSA-2022-9260", "href": "http://linux.oracle.com/errata/ELSA-2022-9260.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-03-19T01:29:16", "description": "- 4.14.35-2047.511.5.4.el7\n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922122] {CVE-2021-26341}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341}\n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926438]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-03-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341"], "modified": "2022-03-08T00:00:00", "id": "ELSA-2022-9201", "href": "http://linux.oracle.com/errata/ELSA-2022-9201.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-19T01:29:00", "description": "[4.14.35-2047.511.5.4]\n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922122] {CVE-2021-26341}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341}\n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926438]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-03-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341"], "modified": "2022-03-08T00:00:00", "id": "ELSA-2022-9198", "href": "http://linux.oracle.com/errata/ELSA-2022-9198.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-19T01:29:02", "description": "[5.4.17-2136.304.4.4]\n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921646]\n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921646]\n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921646]\n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921646]\n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921646]\n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921646]\n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921646]\n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921646]\n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921646]\n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921646]\n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921646]\n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921646]\n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921646]\n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921646]\n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921646]\n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921646]\n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921646]\n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921646]\n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921646]\n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921646]\n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921646]\n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921646]\n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921646]\n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921646]\n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921646]\n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921646]\n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921646]\n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921646]\n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921646]\n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921646]\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921646]\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921646]\n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922121] {CVE-2021-26341}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}\n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926314]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-03-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341"], "modified": "2022-03-08T00:00:00", "id": "ELSA-2022-9200", "href": "http://linux.oracle.com/errata/ELSA-2022-9200.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-19T01:29:05", "description": "[5.4.17-2136.304.4.4]\n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921646] \n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921646] \n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921646] \n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921646] \n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921646] \n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921646] \n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921646] \n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921646] \n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921646] \n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921646] \n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921646] \n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921646] \n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921646] \n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921646] \n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921646] \n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921646] \n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921646] \n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921646] \n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921646] \n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921646] \n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921646] \n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921646] \n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921646] \n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921646] \n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921646] \n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921646] \n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921646] \n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921646] \n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921646] \n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921646] \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921646] \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921646] \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922121] {CVE-2021-26341}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}\n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926314]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-03-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341"], "modified": "2022-03-08T00:00:00", "id": "ELSA-2022-9199", "href": "http://linux.oracle.com/errata/ELSA-2022-9199.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-16T00:40:47", "description": "[5.4.17-2136.305.5.5]\n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034594] {CVE-2022-1158}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1158"], "modified": "2022-04-08T00:00:00", "id": "ELSA-2022-9264", "href": "http://linux.oracle.com/errata/ELSA-2022-9264.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-16T00:40:52", "description": "[5.4.17-2136.305.5.5]\n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo\n Bonzini) [Orabug: 34034594] {CVE-2022-1158}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1158"], "modified": "2022-04-08T00:00:00", "id": "ELSA-2022-9265", "href": "http://linux.oracle.com/errata/ELSA-2022-9265.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-07T17:29:35", "description": "[4.14.35-2047.511.5.5.1.el7uek] \n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34018777] {CVE-2022-1016}", "cvss3": {}, "published": "2022-04-07T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1016"], "modified": "2022-04-07T00:00:00", "id": "ELSA-2022-9267", "href": "http://linux.oracle.com/errata/ELSA-2022-9267.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-07T17:29:38", "description": "[4.14.35-2047.511.5.5.1.el7uek] \n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34018777] {CVE-2022-1016}", "cvss3": {}, "published": "2022-04-07T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1016"], "modified": "2022-04-07T00:00:00", "id": "ELSA-2022-9266", "href": "http://linux.oracle.com/errata/ELSA-2022-9266.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-08T15:46:49", "description": "[4.14.35-2047.511.5.8.el7uek] \n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34048826] {CVE-2022-1016}", "cvss3": {}, "published": "2022-04-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1016"], "modified": "2022-04-08T00:00:00", "id": "ELSA-2022-9270", "href": "http://linux.oracle.com/errata/ELSA-2022-9270.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-08T15:46:58", "description": "[4.14.35-2047.511.5.8.el7uek] \n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34048826] {CVE-2022-1016}", "cvss3": {}, "published": "2022-04-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1016"], "modified": "2022-04-08T00:00:00", "id": "ELSA-2022-9271", "href": "http://linux.oracle.com/errata/ELSA-2022-9271.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T04:51:23", "description": "[3.10.0-1160.83.1.0.1.OL7]\n- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}\n[3.10.0-1160.83.1.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.83.1]\n- x86/sme: avoid using __x86_return_thunk (Rafael Aquini) [2122158]\n- scsi: core: Simplify control flow in scmd_eh_abort_handler() (Ewan D. Milne) [2128337]\n- scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run (Ewan D. Milne) [2128337]\n- [netdrv] i40e: Fix freeing of uninitialized misc IRQ vector (Jamie Bainbridge) [2129248]\n- x86/speculation: Use generic retpoline by default on AMD (Rafael Aquini) [2062165] {CVE-2021-26401}\n[3.10.0-1160.82.1]\n- net: usb: ax88179_178a: Fix packet receiving (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}\n- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}\n- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}\n- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}\n- net: usb: ax88179_178a: fix packet alignment padding (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}\n- mm: swap: disable swap_vma_readahead for PPC64 (Rafael Aquini) [2142455]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-25T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26401", "CVE-2022-2964"], "modified": "2023-01-25T00:00:00", "id": "ELSA-2023-0399", "href": "http://linux.oracle.com/errata/ELSA-2023-0399.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-15T15:26:06", "description": "[4.18.0-425.3.1.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3\n- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]\n[4.18.0-425.3.1]\n- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2129297]\n- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2119638]\n- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2119638]\n- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2047366]\n- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2047366]\n- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2047366]\n- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2047366]\n- netfilter: conntrack: remove pr_debug callsites from tcp tracker (Florian Westphal) [2047366]\n- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2047366]\n- netfilter: conntrack: improve RST handling when tuple is re-used (Florian Westphal) [2047366]\n- netfilter: conntrack: avoid misleading invalid in log message (Florian Westphal) [2047366]\n- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2047366]\n- iavf: Detach device during reset task (Petr Oros) [2069206]\n[4.18.0-425.2.1]\n- EDAC/ghes: Set the DIMM label unconditionally (Aristeu Rozanski) [2109712]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2123508]\n[4.18.0-425.1.1]\n- i40e: Fix kernel crash during module removal (Ivan Vecera) [2091489]\n- redhat: enable zstream release numbering for rhel 8.7 (Jarod Wilson)\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2102844]\n[4.18.0-425]\n- EDAC/amd64: Add new register offset support and related changes (Aristeu Rozanski) [2048792]\n- EDAC/amd64: Set memory type per DIMM (Aristeu Rozanski) [2048792]\n- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120545]\n- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120545]\n- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2118755]\n[4.18.0-424]\n- redhat: configs: add CONFIG_SERIAL_MULTI_INSTANTIATE=m for x86_64 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Add CLSA0101 Laptop Support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Sort ACPI IDs by HID (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Get rid of redundant else (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Use while (i--) pattern to clean up (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve dev_err_probe() messaging (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Drop duplicate check (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve autodetection (Jaroslav Kysela) [2005073]\n- ACPI / scan: Create platform device for CS35L41 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add SPI support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Reorganize I2C functions (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use the new i2c_acpi_client_count() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use device_get_match_data() to get driver data (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Simplify with dev_err_probe() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Drop redundant ACPI_PTR() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Replace zero-length array with flexible-array member (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Derive the device name from parent (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use struct_size() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Allow to have same slaves (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Introduce IOAPIC IRQ support (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Distinguish IRQ resource type (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Count I2cSerialBus() resources (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Get rid of obsolete conditional (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Defer probe when no adapter found (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Accept errors of i2c_acpi_new_device() (Jaroslav Kysela) [2005073]\n- serdev: Fix detection of UART devices on Apple machines. (Jaroslav Kysela) [2005073]\n- serdev: Add ACPI devices by ResourceSource field (Jaroslav Kysela) [2005073]\n- spi: Return deferred probe error when controller isnt yet available (Jaroslav Kysela) [2005073]\n- spi/acpi: avoid spurious matches during slave enumeration (Jaroslav Kysela) [2005073]\n- spi: Add API to count spi acpi resources (Jaroslav Kysela) [2005073]\n- spi: Support selection of the index of the ACPI Spi Resource before alloc (Jaroslav Kysela) [2005073]\n- ACPI: Test for ACPI_SUCCESS rather than !ACPI_FAILURE (Jaroslav Kysela) [2005073]\n- spi/acpi: fix incorrect ACPI parent check (Jaroslav Kysela) [2005073]\n- spi: Create helper API to lookup ACPI info for spi device (Jaroslav Kysela) [2005073]\n- spi/acpi: enumerate all SPI slaves in the namespace (Jaroslav Kysela) [2005073]\n- spi: kill useless initializer in spi_register_controller() (Jaroslav Kysela) [2005073]\n- spi: fix ctrl->num_chipselect constraint (Jaroslav Kysela) [2005073]\n- spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073]\n- spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073]\n- spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073]\n- spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073]\n- spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073]\n- spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073]\n- spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073]\n- spi: Reduce kthread priority (Jaroslav Kysela) [2005073]\n- spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073]\n- i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098]\n- nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769]\n- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373}\n- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373}\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080]\n- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080]\n- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080]\n- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080]\n- iavf: Fix reset error handling (Petr Oros) [2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2119759]\n- iavf: Fix missing state logs (Petr Oros) [2119759]\n- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613]\n[4.18.0-423]\n- netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526]\n- net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440]\n- net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440]\n- net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440]\n- net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440]\n- net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440]\n- Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440]\n- net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440]\n- net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440]\n- net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440]\n- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440]\n- net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440]\n- net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440]\n- net/mlx5: fix typo in comment (Amir Tzin) [2049440]\n- IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440]\n- net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440]\n- net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440]\n- net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440]\n- net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440]\n- net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440]\n- net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440]\n- net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440]\n- net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440]\n- net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440]\n- net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440]\n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440]\n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440]\n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440]\n- RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440]\n- RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440]\n- net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440]\n- net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440]\n- net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440]\n- net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440]\n- net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440]\n- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440]\n- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440]\n- net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440]\n- net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440]\n- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440]\n- net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440]\n- net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440]\n- net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440]\n- net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440]\n- net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440]\n- net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440]\n- net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440]\n- net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440]\n- net/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440]\n- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440]\n- net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440]\n- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440]\n- net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440]\n- net/mlx5: Add pages debugfs (Amir Tzin) [2049440]\n- net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440]\n- net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440]\n- net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440]\n- net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440]\n- mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440]\n- net/mlx5: Add migration commands definitions (Amir Tzin) [2049440]\n- net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440]\n- net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440]\n- net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440]\n- net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440]\n- net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440]\n- net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440]\n- RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440]\n- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440]\n- net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440]\n- net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440]\n- net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440]\n- net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440]\n- net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440]\n- net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440]\n- net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580]\n- net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580]\n- net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440]\n- mlx5: remove unused static inlines (Amir Tzin) [2049440]\n- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440]\n- RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440]\n- RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440]\n- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440]\n- net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440]\n- net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440]\n- net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440]\n- net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440]\n- net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440]\n- net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440]\n- net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440]\n- net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440]\n- net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440]\n- net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440]\n- net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440]\n- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440]\n- net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440]\n- net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440]\n- net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440]\n- net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440]\n- net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440]\n- net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440]\n- net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616]\n- net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616]\n- net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440]\n- net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588}\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946}\n- net: let flow have same hash in two directions (Ivan Vecera) [2111094]\n- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094]\n- net: Add notifications when multipath hash field change (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094]\n- ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use a more suitable label name (Ivan Vecera) [2111094]\n- ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094]\n- selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094]\n- ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094]\n- selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094]\n- ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094]\n- ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094]\n- net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094]\n- route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094]\n[4.18.0-422]\n- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647]\n- rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900]\n- redhat: add ca7 to redhat/git/files (Jarod Wilson)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-15T00:00:00", "id": "ELSA-2022-7683", "href": "http://linux.oracle.com/errata/ELSA-2022-7683.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-03-02T08:39:49", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9273 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9273)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2020-36516", "CVE-2021-22600", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0617", "CVE-2022-1015", "CVE-2022-1016", "CVE-2022-1158", "CVE-2022-22942", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2023-02-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9273.NASL", "href": "https://www.tenable.com/plugins/nessus/159642", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9273.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159642);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/01\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-22600\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2022-0617\",\n \"CVE-2022-1016\",\n \"CVE-2022-1158\",\n \"CVE-2022-22942\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26966\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9273)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9273 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to\n obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9273.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-22600\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.306.1.3.el7uek', '5.4.17-2136.306.1.3.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9273');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.306.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.306.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.306.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.306.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.306.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.306.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.306.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.306.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.306.1.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.306.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.306.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.306.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.306.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2136.306.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2136.306.1.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.306.1.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.306.1.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.306.1.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.306.1.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.306.1.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.306.1.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.306.1.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.306.1.3.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T05:46:25", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9274 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9274)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2020-36516", "CVE-2021-22600", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0617", "CVE-2022-1015", "CVE-2022-1016", "CVE-2022-1158", "CVE-2022-22942", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2023-02-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9274.NASL", "href": "https://www.tenable.com/plugins/nessus/159644", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9274.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159644);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/01\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-22600\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2022-0617\",\n \"CVE-2022-1016\",\n \"CVE-2022-1158\",\n \"CVE-2022-22942\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26966\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9274)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9274 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to\n obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9274.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-22600\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.306.1.3.el7', '5.4.17-2136.306.1.3.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9274');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.306.1.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.306.1.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.306.1.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.306.1.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-13T18:44:03", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9313 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\n - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\n (CVE-2021-20317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9313)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2020-36516", "CVE-2021-20317", "CVE-2021-26401", "CVE-2021-4002", "CVE-2021-4149", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1015", "CVE-2022-1016", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2022-9313.NASL", "href": "https://www.tenable.com/plugins/nessus/160190", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9313.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160190);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-4002\",\n \"CVE-2021-4149\",\n \"CVE-2021-20317\",\n \"CVE-2021-26401\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0847\",\n \"CVE-2022-1016\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\",\n \"CVE-2022-26966\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9313)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9313 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to\n obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\n - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the\n timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user\n privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\n (CVE-2021-20317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9313.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.512.6.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9313');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.512.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.512.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.512.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.512.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.512.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.512.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.512.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-13T18:42:03", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9314 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\n - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\n (CVE-2021-20317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9314)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2020-36516", "CVE-2021-20317", "CVE-2021-26401", "CVE-2021-4002", "CVE-2021-4149", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1015", "CVE-2022-1016", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2022-9314.NASL", "href": "https://www.tenable.com/plugins/nessus/160189", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9314.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160189);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-4002\",\n \"CVE-2021-4149\",\n \"CVE-2021-20317\",\n \"CVE-2021-26401\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0847\",\n \"CVE-2022-1016\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\",\n \"CVE-2022-26966\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2022-9314 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to\n obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\n - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the\n timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user\n privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\n (CVE-2021-20317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9314.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.512.6.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9314');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.512.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T08:39:49", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1537)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3669", "CVE-2021-4197", "CVE-2022-0617", "CVE-2022-22942", "CVE-2022-24448"], "modified": "2023-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1537.NASL", "href": "https://www.tenable.com/plugins/nessus/160116", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160116);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/01\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2021-4197\",\n \"CVE-2022-0617\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1537)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1537\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c95538f0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h675.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T20:49:29", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5384-1 advisory.\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-21T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5384-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0617", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1077", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-cloud-tools-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-headers-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-tools-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1039", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-headers-5.4.0-1020", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-5.4.0-1020", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1020", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1020", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1076-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1076-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1062", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1062", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1070", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1070", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1070", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1070", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1020-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1039-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1062-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1068-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1070-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1077-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge"], "id": "UBUNTU_USN-5384-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160025", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5384-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160025);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-0617\", \"CVE-2022-24448\", \"CVE-2022-24959\");\n script_xref(name:\"USN\", value:\"5384-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5384-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5384-1 advisory.\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5384-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1077\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-cloud-tools-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-headers-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-tools-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1039\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-headers-5.4.0-1020\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-5.4.0-1020\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1020\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1020\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1076-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1076-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1070\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1070\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1070\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1070\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1020-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1039-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1062-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1068-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1070-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1077-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0617', 'CVE-2022-24448', 'CVE-2022-24959');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5384-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'linux-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-cloud-tools-5.4.0-1077', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-headers-5.4.0-1077', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-tools-5.4.0-1077', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-headers-5.4.0-1072', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-headers-5.4.0-1068', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-tools-5.4.0-1068', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-cloud-tools-5.4.0-1039', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-headers-5.4.0-1039', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-source-5.4.0', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-tools-5.4.0-1039', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-headers-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-headers-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-headers-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-headers-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-5.4.0-109', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-common', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-headers-5.4.0-109', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-source-5.4.0', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-5.4.0-109', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-common', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-cloud-tools-common', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-headers-5.4.0-1020', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-source-5.4.0', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-tools-5.4.0-1020', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-tools-common', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-image-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-image-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-headers-5.4.0-1070', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-tools-5.4.0-1070', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-5.4-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-5.4-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.66~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-109-generic', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '5.4.0.1077.56'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp-edge', 'pkgver': '5.4.0.1072.56'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1068.71~18.04.32'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1039.40~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-tools-ibm', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-tools-ibm-edge', 'pkgver': '5.4.0.1020.37'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.4.0.1070.76~18.04.49'},\n {'osver': '18.04', 'pkgname': 'linux-tools-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-tools-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.60'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.123~18.04.94'},\n {'osver': '20.04', 'pkgname': 'linux-aws-cloud-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-aws-headers-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-aws-lts-20.04', 'pkgver': '5.4.0.1072.74'},\n {'osver': '20.04', 'pkgname': 'linux-aws-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-azure-cloud-tools-5.4.0-1077', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-azure-fde', 'pkgver': '5.4.0.1076.79+cvm1.21'},\n {'osver': '20.04', 'pkgname': 'linux-azure-headers-5.4.0-1077', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-azure-lts-20.04', 'pkgver': '5.4.0.1077.75'},\n {'osver': '20.04', 'pkgname': 'linux-azure-tools-5.4.0-1077', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1062-kvm', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-109', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-fde', 'pkgver': '5.4.0.1076.79+cvm1.21'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-lts-20.04', 'pkgver': '5.4.0.1077.75'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-crashdump', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-headers-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-lts-20.04', 'pkgver': '5.4.0.1072.80'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-generic', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-gke', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-gke-headers-5.4.0-1068', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-gke-tools-5.4.0-1068', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-cloud-tools-5.4.0-1039', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-headers-5.4.0-1039', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-source-5.4.0', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-tools-5.4.0-1039', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1062-kvm', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-109', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws-lts-20.04', 'pkgver': '5.4.0.1072.74'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-fde', 'pkgver': '5.4.0.1076.79+cvm1.21'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-lts-20.04', 'pkgver': '5.4.0.1077.75'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp-lts-20.04', 'pkgver': '5.4.0.1072.80'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gke', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gkeop', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-headers-ibm', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-headers-ibm-lts-20.04', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.4.0.1062.61'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle-lts-20.04', 'pkgver': '5.4.0.1070.70'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2-hwe-18.04', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-ibm', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-cloud-tools-common', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-headers-5.4.0-1020', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-lts-20.04', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-source-5.4.0', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-tools-5.4.0-1020', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-tools-common', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1062-kvm', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1076-azure-fde', 'pkgver': '5.4.0-1076.79+cvm1.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws-lts-20.04', 'pkgver': '5.4.0.1072.74'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-fde', 'pkgver': '5.4.0.1076.79+cvm1.21'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-lts-20.04', 'pkgver': '5.4.0.1077.75'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp-lts-20.04', 'pkgver': '5.4.0.1072.80'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-ibm', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-ibm-lts-20.04', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1062.61'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-lts-20.04', 'pkgver': '5.4.0.1070.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1062-kvm', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1076-azure-fde', 'pkgver': '5.4.0-1076.79+cvm1.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-kvm', 'pkgver': '5.4.0.1062.61'},\n {'osver': '20.04', 'pkgname': 'linux-kvm-headers-5.4.0-1062', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-kvm-tools-5.4.0-1062', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-libc-dev', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1062-kvm', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws-lts-20.04', 'pkgver': '5.4.0.1072.74'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-fde', 'pkgver': '5.4.0.1076.79+cvm1.21'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-lts-20.04', 'pkgver': '5.4.0.1077.75'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp-lts-20.04', 'pkgver': '5.4.0.1072.80'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gkeop', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-ibm', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-ibm-lts-20.04', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-oem-osp1-tools-host', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-oem-tools-host', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-headers-5.4.0-1070', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-lts-20.04', 'pkgver': '5.4.0.1070.70'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-tools-5.4.0-1070', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-raspi', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2-hwe-18.04', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-source', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-source-5.4.0', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1020-ibm', 'pkgver': '5.4.0-1020.22'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1039-gkeop', 'pkgver': '5.4.0-1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1059-raspi', 'pkgver': '5.4.0-1059.67'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1062-kvm', 'pkgver': '5.4.0-1062.65'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1068-gke', 'pkgver': '5.4.0-1068.71'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1070-oracle', 'pkgver': '5.4.0-1070.76'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1072-aws', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1072-gcp', 'pkgver': '5.4.0-1072.77'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1077-azure', 'pkgver': '5.4.0-1077.80'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-109', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-109-generic', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-109-generic-lpae', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-109-lowlatency', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws-lts-20.04', 'pkgver': '5.4.0.1072.74'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-fde', 'pkgver': '5.4.0.1076.79+cvm1.21'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-lts-20.04', 'pkgver': '5.4.0.1077.75'},\n {'osver': '20.04', 'pkgname': 'linux-tools-common', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp-lts-20.04', 'pkgver': '5.4.0.1072.80'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gke', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1068.78'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gkeop', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-tools-host', 'pkgver': '5.4.0-109.123'},\n {'osver': '20.04', 'pkgname': 'linux-tools-ibm', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-tools-ibm-lts-20.04', 'pkgver': '5.4.0.1020.20'},\n {'osver': '20.04', 'pkgname': 'linux-tools-kvm', 'pkgver': '5.4.0.1062.61'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle-lts-20.04', 'pkgver': '5.4.0.1070.70'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi-hwe-18.04', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2-hwe-18.04', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1059.93'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-virtual', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.109.113'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.109.113'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws-cloud-tools-5.4.0-1072 / linux-aws-headers-5.4.0-1072 / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-02T14:54:47", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel (CVE-2021-0938)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1647)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0938", "CVE-2021-22600", "CVE-2021-3772", "CVE-2021-4159", "CVE-2022-0487", "CVE-2022-22942", "CVE-2022-24448"], "modified": "2023-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-abi-stablelists", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1647.NASL", "href": "https://www.tenable.com/plugins/nessus/160649", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160649);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/01\");\n\n script_cve_id(\n \"CVE-2021-0938\",\n \"CVE-2021-3772\",\n \"CVE-2021-4159\",\n \"CVE-2021-22600\",\n \"CVE-2022-0487\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1647)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to\n uninitialized data. This could lead to local information disclosure with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-171418586References: Upstream kernel (CVE-2021-0938)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1647\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee040e1e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-22600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.19.90-vhulk2201.1.0.h1026.eulerosv2r10\",\n \"kernel-abi-stablelists-4.19.90-vhulk2201.1.0.h1026.eulerosv2r10\",\n \"kernel-tools-4.19.90-vhulk2201.1.0.h1026.eulerosv2r10\",\n \"kernel-tools-libs-4.19.90-vhulk2201.1.0.h1026.eulerosv2r10\",\n \"python3-perf-4.19.90-vhulk2201.1.0.h1026.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T16:35:44", "description": "The version of kernel installed on the remote host is prior to 4.14.268-139.500. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1571 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2022-1571)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25020", "CVE-2020-36322", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-28950", "CVE-2021-38199", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0617", "CVE-2022-23960", "CVE-2022-24448"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1571.NASL", "href": "https://www.tenable.com/plugins/nessus/158697", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1571.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158697);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\n \"CVE-2018-25020\",\n \"CVE-2020-36322\",\n \"CVE-2021-4197\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2021-38199\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0617\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\"\n );\n script_xref(name:\"ALAS\", value:\"2022-1571\");\n \n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2022-1571)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.268-139.500. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2022-1571 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an\n instruction sequence where inner instructions require substantial expansions into multiple BPF\n instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which\n allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for\n those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1571.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-25020.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-36322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-38199.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0435.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0617.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24448.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\ninclude('hotfixes.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2018-25020\", \"CVE-2020-36322\", \"CVE-2021-4197\", \"CVE-2021-38199\", \"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0330\", \"CVE-2022-0435\", \"CVE-2022-0617\", \"CVE-2022-24448\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1571\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T20:28:36", "description": "The version of kernel installed on the remote host is prior to 4.14.268-205.500. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1761 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2022-1761)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25020", "CVE-2020-36322", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-28950", "CVE-2021-38199", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0617", "CVE-2022-23960", "CVE-2022-24448"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.268-205.500", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1761.NASL", "href": "https://www.tenable.com/plugins/nessus/158720", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1761.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158720);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\n \"CVE-2018-25020\",\n \"CVE-2020-36322\",\n \"CVE-2021-4197\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2021-38199\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0617\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\"\n );\n script_xref(name:\"ALAS\", value:\"2022-1761\");\n \n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2022-1761)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.268-205.500. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1761 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an\n instruction sequence where inner instructions require substantial expansions into multiple BPF\n instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which\n allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for\n those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1761.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-25020.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-36322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-38199.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0435.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0617.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24448.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.268-205.500\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\ninclude('hotfixes.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2018-25020\", \"CVE-2020-36322\", \"CVE-2021-4197\", \"CVE-2021-38199\", \"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0330\", \"CVE-2022-0435\", \"CVE-2022-0617\", \"CVE-2022-24448\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1761\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-205.500.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.268-205.500-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-13T18:57:17", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-039 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-039)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0847", "CVE-2022-1055", "CVE-2022-23960"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.25-14.106", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python3-perf", "p-cpe:/a:amazon:linux:python3-perf-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-039.NASL", "href": "https://www.tenable.com/plugins/nessus/164727", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-039.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164727);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0847\",\n \"CVE-2022-1055\",\n \"CVE-2022-23960\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-039)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-039 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-039.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26341.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26401.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0847.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1055.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23960.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2022.0.20220308 kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1055\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.25-14.106\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2021-26341\", \"CVE-2021-26401\", \"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0847\", \"CVE-2022-1055\", \"CVE-2022-23960\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS2022-2022-039\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.25-14.106.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.25-14.106-1.0-0.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.25-14.106-1.0-0.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.25-14.106.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:46:57", "description": "The version of kernel installed on the remote host is prior to 5.4.181-99.354. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-023 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-24T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-023)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0435", "CVE-2022-23960"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-023.NASL", "href": "https://www.tenable.com/plugins/nessus/161456", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-023.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161456);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\n \"CVE-2021-4197\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0435\",\n \"CVE-2022-23960\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-023)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.181-99.354. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-023 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-023.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26341.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26401.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0435.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23960.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\ninclude('hotfixes.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2021-4197\", \"CVE-2021-26341\", \"CVE-2021-26401\", \"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0435\", \"CVE-2022-23960\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-023\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.181-99.354.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T15:05:45", "description": "The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5385-1 advisory.\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-5385-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43975", "CVE-2022-0617", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-4.15.0-1127", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-4.15.0-1127", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe-cloud-tools-4.15.0-1127", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe-tools-4.15.0-1127", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-4.15.0-1127", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15-cloud-tools-4.15.0-1137", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15-headers-4.15.0-1137", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15-tools-4.15.0-1137", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-4.15.0-1137", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-4.15.0-1137", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-4.15.0-1137", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1041-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1092-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1113-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1121-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1126-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1127-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1137-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-176-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-176-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-176-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-1127-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-1137-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-176", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-176-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-176-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-dell300x-headers-4.15.0-1041", "p-cpe:/a:canonical:ubuntu_linux:linux-dell300x-tools-4.15.0-1041", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-4.15-headers-4.15.0-1121", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-4.15-tools-4.15.0-1121", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-4.15.0-1121", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-4.15.0-1121", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1041-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1092-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1113-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1121-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1126-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1127-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1137-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-176", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-176-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-176-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-176-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-cloud-tools-4.15.0-176", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-tools-4.15.0-176", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1041-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1113-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1121-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1126-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1127-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1127-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-176-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-176-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-176-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1041-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1092-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1121-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1127-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1137-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-176-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-176-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-4.15.0-1113", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-4.15.0-1113", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1041-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1092-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1113-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1121-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1126-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1127-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1137-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-176-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-176-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-176-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-1092-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-1121-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-1127-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-1137-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-176-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-4.15.0-1092", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-4.15.0-1092", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-headers-4.15.0-1126", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-tools-4.15.0-1126", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-4.15.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1041-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1092-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1113-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1121-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1126-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1127-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1137-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-176", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-176-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-176-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-176-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-16.04-edge"], "id": "UBUNTU_USN-5385-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160065", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5385-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160065);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-43975\",\n \"CVE-2022-0617\",\n \"CVE-2022-24448\",\n \"CVE-2022-24959\"\n );\n script_xref(name:\"USN\", value:\"5385-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-5385-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5385-1 advisory.\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5385-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43975\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-4.15.0-1127\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-4.15.0-1127\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe-cloud-tools-4.15.0-1127\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe-tools-4.15.0-1127\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-4.15.0-1127\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15-cloud-tools-4.15.0-1137\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15-headers-4.15.0-1137\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15-tools-4.15.0-1137\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-4.15.0-1137\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-4.15.0-1137\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-4.15.0-1137\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1041-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1092-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1113-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1121-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1126-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1127-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-1137-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-176-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-176-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.15.0-176-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-1127-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-1137-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-176\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-176-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.15.0-176-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-dell300x-headers-4.15.0-1041\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-dell300x-tools-4.15.0-1041\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-4.15-headers-4.15.0-1121\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-4.15-tools-4.15.0-1121\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-4.15.0-1121\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-4.15.0-1121\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1041-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1092-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1113-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1121-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1126-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1127-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-1137-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-176\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-176-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-176-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.15.0-176-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-cloud-tools-4.15.0-176\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-tools-4.15.0-176\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1041-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1113-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1121-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1126-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1127-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1127-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-176-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-176-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-176-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1041-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1092-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1121-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1127-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-1137-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-176-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.15.0-176-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-4.15.0-1113\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-4.15.0-1113\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1041-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1092-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1113-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1121-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1126-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1127-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-1137-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-176-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-176-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.15.0-176-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-1092-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-1121-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-1127-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-1137-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.15.0-176-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-4.15.0-1092\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-4.15.0-1092\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-headers-4.15.0-1126\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-tools-4.15.0-1126\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-4.15.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1041-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1092-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1113-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1121-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1126-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1127-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-1137-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-176\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-176-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-176-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.15.0-176-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-16.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2021-43975', 'CVE-2022-0617', 'CVE-2022-24448', 'CVE-2022-24959');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5385-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'linux-azure', 'pkgver': '4.15.0.1137.109'},\n {'osver': '14.04', 'pkgname': 'linux-azure-cloud-tools-4.15.0-1137', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-azure-headers-4.15.0-1137', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-azure-tools-4.15.0-1137', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-buildinfo-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-cloud-tools-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '4.15.0.1137.109'},\n {'osver': '14.04', 'pkgname': 'linux-headers-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-headers-azure', 'pkgver': '4.15.0.1137.109'},\n {'osver': '14.04', 'pkgname': 'linux-image-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-image-azure', 'pkgver': '4.15.0.1137.109'},\n {'osver': '14.04', 'pkgname': 'linux-image-unsigned-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-modules-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-modules-extra-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '4.15.0.1137.109'},\n {'osver': '14.04', 'pkgname': 'linux-signed-azure', 'pkgver': '4.15.0.1137.109'},\n {'osver': '14.04', 'pkgname': 'linux-signed-image-azure', 'pkgver': '4.15.0.1137.109'},\n {'osver': '14.04', 'pkgname': 'linux-tools-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-tools-azure', 'pkgver': '4.15.0.1137.109'},\n {'osver': '16.04', 'pkgname': 'linux-aws-edge', 'pkgver': '4.15.0.1127.117'},\n {'osver': '16.04', 'pkgname': 'linux-aws-headers-4.15.0-1127', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-aws-hwe', 'pkgver': '4.15.0.1127.117'},\n {'osver': '16.04', 'pkgname': 'linux-aws-hwe-cloud-tools-4.15.0-1127', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-aws-hwe-tools-4.15.0-1127', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-azure', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-azure-cloud-tools-4.15.0-1137', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-azure-edge', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-azure-headers-4.15.0-1137', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-azure-tools-4.15.0-1137', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.15.0-176-generic', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.15.0-176-generic', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-generic-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-gcp', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-gcp-headers-4.15.0-1121', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-gcp-tools-4.15.0-1121', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-generic-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-gke', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.15.0-176', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.15.0-176-generic', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-headers-aws-hwe', 'pkgver': '4.15.0.1127.117'},\n {'osver': '16.04', 'pkgname': 'linux-headers-azure', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-headers-generic-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-headers-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-headers-gke', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-headers-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-headers-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-headers-oem', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '4.15.0.1092.80'},\n {'osver': '16.04', 'pkgname': 'linux-headers-virtual-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-headers-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-hwe-cloud-tools-4.15.0-176', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-hwe-tools-4.15.0-176', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1127-aws-hwe', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-176-generic', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws-hwe', 'pkgver': '4.15.0.1127.117'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-image-extra-virtual-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-image-extra-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-image-gcp', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-image-gke', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-image-oem', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-image-oracle', 'pkgver': '4.15.0.1092.80'},\n {'osver': '16.04', 'pkgname': 'linux-image-unsigned-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-unsigned-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-unsigned-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-unsigned-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-unsigned-4.15.0-176-generic', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-unsigned-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.15.0-176-generic', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-4.15.0-176-generic', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-aws-hwe', 'pkgver': '4.15.0.1127.117'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-oem', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-oracle', 'pkgver': '4.15.0.1092.80'},\n {'osver': '16.04', 'pkgname': 'linux-oracle-headers-4.15.0-1092', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-oracle-tools-4.15.0-1092', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-signed-azure', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-signed-azure-edge', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-signed-generic-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-azure', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-azure-edge', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-generic-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-oem', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-oracle', 'pkgver': '4.15.0.1092.80'},\n {'osver': '16.04', 'pkgname': 'linux-signed-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-oem', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-signed-oracle', 'pkgver': '4.15.0.1092.80'},\n {'osver': '16.04', 'pkgname': 'linux-source-4.15.0', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.15.0-176-generic', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-tools-aws-hwe', 'pkgver': '4.15.0.1127.117'},\n {'osver': '16.04', 'pkgname': 'linux-tools-azure', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '4.15.0.1137.127'},\n {'osver': '16.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-tools-generic-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-tools-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-tools-gke', 'pkgver': '4.15.0.1121.122'},\n {'osver': '16.04', 'pkgname': 'linux-tools-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-tools-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-tools-oem', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '4.15.0.1092.80'},\n {'osver': '16.04', 'pkgname': 'linux-tools-virtual-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-tools-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-virtual-hwe-16.04', 'pkgver': '4.15.0.176.168'},\n {'osver': '16.04', 'pkgname': 'linux-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.168'},\n {'osver': '18.04', 'pkgname': 'linux-aws-cloud-tools-4.15.0-1127', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-aws-headers-4.15.0-1127', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-aws-lts-18.04', 'pkgver': '4.15.0.1127.130'},\n {'osver': '18.04', 'pkgname': 'linux-aws-tools-4.15.0-1127', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-azure-4.15-cloud-tools-4.15.0-1137', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-azure-4.15-headers-4.15.0-1137', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-azure-4.15-tools-4.15.0-1137', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-azure-lts-18.04', 'pkgver': '4.15.0.1137.110'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-1041-dell300x', 'pkgver': '4.15.0-1041.46'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-1113-kvm', 'pkgver': '4.15.0-1113.116'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-1126-snapdragon', 'pkgver': '4.15.0-1126.135'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-176-generic', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-176-generic-lpae', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-4.15.0-176', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-4.15.0-176-generic', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure-lts-18.04', 'pkgver': '4.15.0.1137.110'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-crashdump', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-dell300x', 'pkgver': '4.15.0.1041.43'},\n {'osver': '18.04', 'pkgname': 'linux-dell300x-headers-4.15.0-1041', 'pkgver': '4.15.0-1041.46'},\n {'osver': '18.04', 'pkgname': 'linux-dell300x-tools-4.15.0-1041', 'pkgver': '4.15.0-1041.46'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-4.15-headers-4.15.0-1121', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-4.15-tools-4.15.0-1121', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-lts-18.04', 'pkgver': '4.15.0.1121.140'},\n {'osver': '18.04', 'pkgname': 'linux-generic', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-1041-dell300x', 'pkgver': '4.15.0-1041.46'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-1113-kvm', 'pkgver': '4.15.0-1113.116'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-1126-snapdragon', 'pkgver': '4.15.0-1126.135'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-176', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-176-generic', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-176-generic-lpae', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-headers-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-headers-aws-lts-18.04', 'pkgver': '4.15.0.1127.130'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure-lts-18.04', 'pkgver': '4.15.0.1137.110'},\n {'osver': '18.04', 'pkgname': 'linux-headers-dell300x', 'pkgver': '4.15.0.1041.43'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp-lts-18.04', 'pkgver': '4.15.0.1121.140'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-kvm', 'pkgver': '4.15.0.1113.109'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle-lts-18.04', 'pkgver': '4.15.0.1092.102'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon', 'pkgver': '4.15.0.1126.129'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1041-dell300x', 'pkgver': '4.15.0-1041.46'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1113-kvm', 'pkgver': '4.15.0-1113.116'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1126-snapdragon', 'pkgver': '4.15.0-1126.135'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-176-generic', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-176-generic-lpae', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-lts-18.04', 'pkgver': '4.15.0.1127.130'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-lts-18.04', 'pkgver': '4.15.0.1137.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-dell300x', 'pkgver': '4.15.0.1041.43'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-lts-18.04', 'pkgver': '4.15.0.1121.140'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.15.0.1113.109'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-lts-18.04', 'pkgver': '4.15.0.1092.102'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon', 'pkgver': '4.15.0.1126.129'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-4.15.0-1041-dell300x', 'pkgver': '4.15.0-1041.46'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-4.15.0-176-generic', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-kvm', 'pkgver': '4.15.0.1113.109'},\n {'osver': '18.04', 'pkgname': 'linux-kvm-headers-4.15.0-1113', 'pkgver': '4.15.0-1113.116'},\n {'osver': '18.04', 'pkgname': 'linux-kvm-tools-4.15.0-1113', 'pkgver': '4.15.0-1113.116'},\n {'osver': '18.04', 'pkgname': 'linux-libc-dev', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-1041-dell300x', 'pkgver': '4.15.0-1041.46'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-1113-kvm', 'pkgver': '4.15.0-1113.116'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-1126-snapdragon', 'pkgver': '4.15.0-1126.135'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-176-generic', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-176-generic-lpae', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-modules-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-4.15.0-176-generic', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-aws-lts-18.04', 'pkgver': '4.15.0.1127.130'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure-lts-18.04', 'pkgver': '4.15.0.1137.110'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp-lts-18.04', 'pkgver': '4.15.0.1121.140'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-headers-4.15.0-1092', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-lts-18.04', 'pkgver': '4.15.0.1092.102'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-tools-4.15.0-1092', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure-lts-18.04', 'pkgver': '4.15.0.1137.110'},\n {'osver': '18.04', 'pkgname': 'linux-signed-generic', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-generic-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure-lts-18.04', 'pkgver': '4.15.0.1137.110'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-generic', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-generic-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-lowlatency', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle-lts-18.04', 'pkgver': '4.15.0.1092.102'},\n {'osver': '18.04', 'pkgname': 'linux-signed-lowlatency', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle-lts-18.04', 'pkgver': '4.15.0.1092.102'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon', 'pkgver': '4.15.0.1126.129'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-headers-4.15.0-1126', 'pkgver': '4.15.0-1126.135'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-tools-4.15.0-1126', 'pkgver': '4.15.0-1126.135'},\n {'osver': '18.04', 'pkgname': 'linux-source', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-source-4.15.0', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-1041-dell300x', 'pkgver': '4.15.0-1041.46'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-1092-oracle', 'pkgver': '4.15.0-1092.101'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-1113-kvm', 'pkgver': '4.15.0-1113.116'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-1121-gcp', 'pkgver': '4.15.0-1121.135'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-1126-snapdragon', 'pkgver': '4.15.0-1126.135'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-1127-aws', 'pkgver': '4.15.0-1127.136'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-1137-azure', 'pkgver': '4.15.0-1137.150'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-176', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-176-generic', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-176-generic-lpae', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-tools-4.15.0-176-lowlatency', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-tools-aws-lts-18.04', 'pkgver': '4.15.0.1127.130'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure-lts-18.04', 'pkgver': '4.15.0.1137.110'},\n {'osver': '18.04', 'pkgname': 'linux-tools-common', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-tools-dell300x', 'pkgver': '4.15.0.1041.43'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp-lts-18.04', 'pkgver': '4.15.0.1121.140'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-host', 'pkgver': '4.15.0-176.185'},\n {'osver': '18.04', 'pkgname': 'linux-tools-kvm', 'pkgver': '4.15.0.1113.109'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle-lts-18.04', 'pkgver': '4.15.0.1092.102'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon', 'pkgver': '4.15.0.1126.129'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-virtual', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-16.04', 'pkgver': '4.15.0.176.165'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.176.165'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws-cloud-tools-4.15.0-1127 / linux-aws-edge / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-02T00:34:47", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver). (CVE-2020-27820)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1661)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27820", "CVE-2021-3772", "CVE-2021-4159", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-0617", "CVE-2022-22942", "CVE-2022-24448"], "modified": "2023-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-abi-stablelists", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1661.NASL", "href": "https://www.tenable.com/plugins/nessus/160644", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160644);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/01\");\n\n script_cve_id(\n \"CVE-2020-27820\",\n \"CVE-2021-3772\",\n \"CVE-2021-4159\",\n \"CVE-2022-0435\",\n \"CVE-2022-0487\",\n \"CVE-2022-0617\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1661)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if 'unbind' the driver). (CVE-2020-27820)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1661\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2401b635\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"bpftool-4.18.0-147.5.2.7.h838.eulerosv2r10\",\n \"kernel-4.18.0-147.5.2.7.h838.eulerosv2r10\",\n \"kernel-abi-stablelists-4.18.0-147.5.2.7.h838.eulerosv2r10\",\n \"kernel-tools-4.18.0-147.5.2.7.h838.eulerosv2r10\",\n \"kernel-tools-libs-4.18.0-147.5.2.7.h838.eulerosv2r10\",\n \"python3-perf-4.18.0-147.5.2.7.h838.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-28T00:22:44", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9260 advisory.\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9260)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20322", "CVE-2021-3772", "CVE-2022-0330", "CVE-2022-26966"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2022-9260.NASL", "href": "https://www.tenable.com/plugins/nessus/159519", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9260.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159519);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3772\",\n \"CVE-2021-20322\",\n \"CVE-2022-0330\",\n \"CVE-2022-26966\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9260)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9260 advisory.\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to\n obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9260.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3772\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.61.2.el6uek', '4.1.12-124.61.2.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9260');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.61.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.61.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.61.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.61.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.61.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.61.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.61.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.61.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.61.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.61.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.61.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.61.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-26T20:48:48", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2022-0011)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20322", "CVE-2021-3772", "CVE-2022-0330", "CVE-2022-26966"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2022-0011.NASL", "href": "https://www.tenable.com/plugins/nessus/159525", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2022-0011.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159525);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3772\",\n \"CVE-2021-20322\",\n \"CVE-2022-0330\",\n \"CVE-2022-26966\"\n );\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2022-0011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to\n obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36516.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2021-20322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2021-3772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-0330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-26966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2022-0011.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3772\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.61.2.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2022-0011');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.61.2.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.61.2.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-30T00:27:54", "description": "The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5383-1 advisory.\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\n - drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). (CVE-2022-26878)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2022-04-21T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.10 : Linux kernel vulnerabilities (USN-5383-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43976", "CVE-2021-44879", "CVE-2022-0617", "CVE-2022-1015", "CVE-2022-1016", "CVE-2022-24448", "CVE-2022-24959", "CVE-2022-26878"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:linux-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13-cloud-tools-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13-headers-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13-tools-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13-cloud-tools-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13-headers-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13-tools-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.13.0-1022", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1025-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1025-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-40-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-40-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-40-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-40-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-40", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-40-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-40-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13-headers-5.13.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13-tools-5.13.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.13.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.13.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1025-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1025-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-cloud-tools-5.13.0-40", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-headers-5.13.0-40", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-source-5.13.0", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-tools-5.13.0-40", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1025-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1025-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-40-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-40-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-40-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.13.0-1021", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.13.0-1021", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1025-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1025-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-40-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-40-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-40-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-40-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1025-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1025-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-40-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13-headers-5.13.0-1027", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13-tools-5.13.0-1027", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.13.0-1027", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.13.0-1027", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.13.0-1025", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.13.0-1025", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.13.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1022-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1025-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1025-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1027-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04-edge"], "id": "UBUNTU_USN-5383-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160027", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5383-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160027);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-43976\",\n \"CVE-2021-44879\",\n \"CVE-2022-0617\",\n \"CVE-2022-1015\",\n \"CVE-2022-1016\",\n \"CVE-2022-24448\",\n \"CVE-2022-24959\",\n \"CVE-2022-26878\"\n );\n script_xref(name:\"USN\", value:\"5383-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.10 : Linux kernel vulnerabilities (USN-5383-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5383-1 advisory.\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,\n leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\n - drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have\n memory allocated but not freed). (CVE-2022-26878)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5383-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1015\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13-cloud-tools-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13-headers-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13-tools-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13-cloud-tools-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13-headers-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13-tools-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.13.0-1022\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1025-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1025-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-40-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-40-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-40-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-40-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-40\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-40-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-40-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13-headers-5.13.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13-tools-5.13.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.13.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.13.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1025-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1025-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-40-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-cloud-tools-5.13.0-40\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-headers-5.13.0-40\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-source-5.13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-tools-5.13.0-40\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1025-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1025-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-40-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-40-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-40-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.13.0-1021\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.13.0-1021\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1025-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1025-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-40-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-40-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-40-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-40-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1025-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1025-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-40-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13-headers-5.13.0-1027\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13-tools-5.13.0-1027\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.13.0-1027\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.13.0-1027\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.13.0-1025\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.13.0-1025\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1022-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1025-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1025-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1027-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-40-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|21\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2021-43976', 'CVE-2021-44879', 'CVE-2022-0617', 'CVE-2022-1015', 'CVE-2022-1016', 'CVE-2022-24448', 'CVE-2022-24959', 'CVE-2022-26878');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5383-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-aws', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.13-cloud-tools-5.13.0-1022', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.13-headers-5.13.0-1022', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.13-tools-5.13.0-1022', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-edge', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-azure', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.13-cloud-tools-5.13.0-1022', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.13-headers-5.13.0-1022', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.13-tools-5.13.0-1022', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-edge', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-40-generic', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-40-generic-lpae', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.13.0-40-generic', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-gcp', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-5.13-headers-5.13.0-1024', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-5.13-tools-5.13.0-1024', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-edge', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-40-generic', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-40-generic-lpae', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws-edge', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp-edge', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.13.0.1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.13.0.1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-cloud-tools-5.13.0-40', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-cloud-tools-common', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-headers-5.13.0-40', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-source-5.13.0', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-tools-5.13.0-40', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-tools-common', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-tools-host', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-40-generic', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-40-generic-lpae', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.13.0.1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.13.0.1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-40-generic', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-40-generic', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-40-generic-lpae', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-40-generic', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws-edge', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp-edge', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle', 'pkgver': '5.13.0.1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-5.13-headers-5.13.0-1027', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-5.13-tools-5.13.0-1027', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.13.0.1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-40-generic', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-40-generic-lpae', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws-edge', 'pkgver': '5.13.0.1022.24~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '5.13.0.1022.26~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp-edge', 'pkgver': '5.13.0.1024.29~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.13.0.1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.13.0.1027.32~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-20.04', 'pkgver': '5.13.0.40.45~20.04.25'},\n {'osver': '21.10', 'pkgname': 'linux-aws', 'pkgver': '5.13.0.1022.23'},\n {'osver': '21.10', 'pkgname': 'linux-aws-cloud-tools-5.13.0-1022', 'pkgver': '5.13.0-1022.24'},\n {'osver': '21.10', 'pkgname': 'linux-aws-headers-5.13.0-1022', 'pkgver': '5.13.0-1022.24'},\n {'osver': '21.10', 'pkgname': 'linux-aws-tools-5.13.0-1022', 'pkgver': '5.13.0-1022.24'},\n {'osver': '21.10', 'pkgname': 'linux-azure', 'pkgver': '5.13.0.1022.22'},\n {'osver': '21.10', 'pkgname': 'linux-azure-cloud-tools-5.13.0-1022', 'pkgver': '5.13.0-1022.26'},\n {'osver': '21.10', 'pkgname': 'linux-azure-headers-5.13.0-1022', 'pkgver': '5.13.0-1022.26'},\n {'osver': '21.10', 'pkgname': 'linux-azure-tools-5.13.0-1022', 'pkgver': '5.13.0-1022.26'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1021-kvm', 'pkgver': '5.13.0-1021.22'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1025-raspi', 'pkgver': '5.13.0-1025.27'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1025-raspi-nolpae', 'pkgver': '5.13.0-1025.27'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-40-generic', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-40-generic-lpae', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-40', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-40-generic', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.13.0.1022.22'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-crashdump', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-gcp', 'pkgver': '5.13.0.1024.22'},\n {'osver': '21.10', 'pkgname': 'linux-gcp-headers-5.13.0-1024', 'pkgver': '5.13.0-1024.29'},\n {'osver': '21.10', 'pkgname': 'linux-gcp-tools-5.13.0-1024', 'pkgver': '5.13.0-1024.29'},\n {'osver': '21.10', 'pkgname': 'linux-generic', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-generic-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-gke', 'pkgver': '5.13.0.1024.22'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1021-kvm', 'pkgver': '5.13.0-1021.22'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1025-raspi', 'pkgver': '5.13.0-1025.27'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1025-raspi-nolpae', 'pkgver': '5.13.0-1025.27'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-40', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-40-generic', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-40-generic-lpae', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-headers-aws', 'pkgver': '5.13.0.1022.23'},\n {'osver': '21.10', 'pkgname': 'linux-headers-azure', 'pkgver': '5.13.0.1022.22'},\n {'osver': '21.10', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.13.0.1024.22'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-gke', 'pkgver': '5.13.0.1024.22'},\n {'osver': '21.10', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.13.0.1021.21'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.13.0.1027.27'},\n {'osver': '21.10', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.13.0.1025.30'},\n {'osver': '21.10', 'pkgname': 'linux-headers-raspi-nolpae', 'pkgver': '5.13.0.1025.30'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1021-kvm', 'pkgver': '5.13.0-1021.22'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1022-aws', 'pkgver': '5.13.0-1022.24'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1022-azure', 'pkgver': '5.13.0-1022.26'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1024-gcp', 'pkgver': '5.13.0-1024.29'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1025-raspi', 'pkgver': '5.13.0-1025.27'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1025-raspi-nolpae', 'pkgver': '5.13.0-1025.27'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1027-oracle', 'pkgver': '5.13.0-1027.32'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-40-generic', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-40-generic-64k', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-40-generic-lpae', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-40-lowlatency', 'pkgver': '5.13.0-40.45'},\n {'osver': '21.10', 'pkgname': 'linux-image-aws', 'pkgver': '5.13.0.1022.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-azure', 'pkgver': '5.13.0.1022.22'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-image-gcp', 'pkgver': '5.13.0.1024.22'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.13.0.40.49'},\n {'osver': '21.10', 'pkgname': 'linux-image-gene