DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2022-3.0-0446", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0446", "description": "Updates of ['linux-aws', 'linux-rt', 'linux', 'linux-secure', 'linux-esx'] packages of Photon OS have been released.\n", "published": "2022-09-07T00:00:00", "modified": "2022-09-07T00:00:00", "epss": [{"cve": "CVE-2021-33655", "epss": 0.00042, "percentile": 0.05691, "modified": "2023-05-23"}, {"cve": "CVE-2021-33656", "epss": 0.0005, "percentile": 0.17343, "modified": "2023-05-23"}, {"cve": "CVE-2021-4159", "epss": 0.00042, "percentile": 0.05691, "modified": "2023-05-23"}, {"cve": "CVE-2022-0812", "epss": 0.00067, "percentile": 0.27488, "modified": "2023-05-31"}, {"cve": "CVE-2022-1012", "epss": 0.00053, "percentile": 0.19063, "modified": "2023-05-31"}, {"cve": "CVE-2022-1462", "epss": 0.00042, "percentile": 0.05676, "modified": "2023-05-31"}, {"cve": "CVE-2022-1679", "epss": 0.00042, "percentile": 0.05676, "modified": "2023-05-31"}, {"cve": "CVE-2022-21123", "epss": 0.00046, "percentile": 0.12999, "modified": "2023-05-31"}, {"cve": "CVE-2022-21125", "epss": 0.00056, "percentile": 0.21322, "modified": "2023-05-31"}, {"cve": "CVE-2022-21166", "epss": 0.00046, "percentile": 0.12999, "modified": "2023-05-31"}, {"cve": "CVE-2022-2318", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-06-02"}, {"cve": "CVE-2022-2380", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-06-02"}, {"cve": "CVE-2022-26365", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-06-02"}, {"cve": "CVE-2022-26373", "epss": 0.00045, "percentile": 0.1201, "modified": "2023-06-02"}, {"cve": "CVE-2022-33740", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-06-02"}, {"cve": "CVE-2022-33741", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-06-02"}, {"cve": "CVE-2022-33742", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-06-02"}, {"cve": "CVE-2022-33744", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-06-02"}, {"cve": "CVE-2022-36879", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-06-02"}, {"cve": "CVE-2022-36946", "epss": 0.00134, "percentile": 0.47216, "modified": "2023-06-02"}], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-446", "reporter": "Photon", "references": [], "cvelist": ["CVE-2021-33655", "CVE-2021-33656", "CVE-2021-4159", "CVE-2022-0812", "CVE-2022-1012", "CVE-2022-1462", "CVE-2022-1679", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2318", "CVE-2022-2380", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744", "CVE-2022-36879", "CVE-2022-36946"], "immutableFields": [], "lastseen": "2023-06-02T15:48:22", "viewCount": 8, "enchantments": {"score": {"value": 7.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:5249", "ALSA-2022:5267", "ALSA-2022:5819", "ALSA-2022:5834", "ALSA-2022:6437", "ALSA-2022:6460", "ALSA-2022:7444", "ALSA-2022:7683", "ALSA-2022:7933", "ALSA-2022:8267", "ALSA-2023:2148", "ALSA-2023:2458", "ALSA-2023:2736", "ALSA-2023:2951"]}, {"type": "altlinux", "idList": ["69D1753D74C2782AF5C4B3E24536D125"]}, {"type": "amazon", "idList": ["ALAS-2022-1604", "ALAS-2022-1606", "ALAS-2022-1624", "ALAS-2022-1636", "ALAS-2022-1645", "ALAS-2022-1852", "ALAS-2022-1888", "ALAS2-2022-1813", "ALAS2-2022-1825", "ALAS2-2022-1833", "ALAS2-2022-1838", "ALAS2-2022-1852", "ALAS2-2022-1888"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2022:5937"]}, {"type": "citrix", "idList": ["CTX460064"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A03F5AC2013ED260DC64C02E99816F92"]}, {"type": "cnvd", "idList": ["CNVD-2022-54887", "CNVD-2022-68595"]}, {"type": "cve", "idList": ["CVE-2021-33655", "CVE-2021-33656", "CVE-2021-4159", "CVE-2022-0812", "CVE-2022-1012", "CVE-2022-1462", "CVE-2022-1679", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2318", "CVE-2022-2380", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744", "CVE-2022-36879", "CVE-2022-36946"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3065-1:C1710", "DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3131-1:083C4", "DEBIAN:DLA-3173-1:82909", "DEBIAN:DSA-5161-1:2800F", "DEBIAN:DSA-5173-1:5A28E", "DEBIAN:DSA-5178-1:9B2D2", "DEBIAN:DSA-5184-1:CABB7", "DEBIAN:DSA-5191-1:574E3", "DEBIAN:DSA-5207-1:0D465"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-33655", "DEBIANCVE:CVE-2021-33656", "DEBIANCVE:CVE-2021-4159", "DEBIANCVE:CVE-2022-0812", "DEBIANCVE:CVE-2022-1012", "DEBIANCVE:CVE-2022-1462", "DEBIANCVE:CVE-2022-1679", "DEBIANCVE:CVE-2022-21123", "DEBIANCVE:CVE-2022-21125", "DEBIANCVE:CVE-2022-21166", "DEBIANCVE:CVE-2022-2318", "DEBIANCVE:CVE-2022-2380", "DEBIANCVE:CVE-2022-26365", "DEBIANCVE:CVE-2022-26373", "DEBIANCVE:CVE-2022-33740", "DEBIANCVE:CVE-2022-33741", "DEBIANCVE:CVE-2022-33742", "DEBIANCVE:CVE-2022-33744", "DEBIANCVE:CVE-2022-36879", "DEBIANCVE:CVE-2022-36946"]}, {"type": "f5", "idList": ["F5:K04808933", "F5:K08152433", "F5:K12132951", "F5:K45164470", "F5:K52259753"]}, {"type": "fedora", "idList": ["FEDORA:1327A30569C4", "FEDORA:4B1E230C3DF7", "FEDORA:B930F30697B0", "FEDORA:D29113027CBD", "FEDORA:D2A5C30571AE"]}, {"type": "gentoo", "idList": ["GLSA-202208-23"]}, {"type": "githubexploit", "idList": ["194848D4-3D8D-57C9-B93F-94A7FB834CC7", "58D56E09-E266-52D1-8E6F-749551BEC175", "B8B06A12-C7E0-50A2-8B97-C96DEC77EEB8", "D5706C20-994B-524A-8C43-838B970CD47C"]}, {"type": "hp", "idList": ["HPSBHF03796"]}, {"type": "ibm", "idList": ["2007FD1781CF2022D192260E43DD6A6A9D75EAE1E583F1FF51351C7A5D643FB1", "496D1442E6BA8A6137102D042D945E6932A39AD824C40F1EC57D3D14D4666E29", "579B3E4AEEBFE2F354CC5701A955BC373C28300C7CF3CEAAD268410F2BAD7847", "63C8B1DC63A3A0D366B1AA0E3DB24BD123F14B4EB29B74139B4FE1590E5E48A3", "67AFE8257A8F5CA32ADE6C83C3A2186FBD379BBBF1049A235EA4EE0C4D67742A", "79D27898B8C3F1CD24E5049A5FBAD578A20FC6CDB746BF6F52F6F1A54BB54483", "7A31AC3AD76478BCDFF5EAFDE198D822A87AF40F80D6BE332BB307F284077425", "7F16B180A017EE946A9293B7F73BB16643FA0EDB494E3BDE4E5E8DC3D7C98EE5", "80CD718D1D142D3B40DCBA71626D910648A9F36D3E9F858F36123167200B31E5", "8252E44A34109A3FF009BBFE514754BDBBDA4A863EC3277626019A6C284A3C94", "AD6CCE2A1D5A9869BD583668A696E96D5711DC6790008CC35A1991D46E49ABE2", "B5A64C62AD14AC5F708718469CD252B6E7CC148ED6744F6CA78BE827CE0DE99F", "B5A9AF4D83BE66FFB045998A244B081C4B596FD89734452E97AF443158456899", "E86F95B423516140DF23D5DD16D74175F74D96C23CCC412FE50D4D07B828F8A1", "EFEF2244E948829C5D18D7E375890D878EF65279FF91004B2295614B4406FAED", "F42698819438A0AFD00188966548F0688DA81186746B5D708D7F1D8C8274475E", "F8949F00CDCE086FCFA5F40AFADF9DB9E3B4DD10AB910034C41279EA96313C2A"]}, {"type": "ics", "idList": ["ICSA-23-075-01"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00615", "INTEL:INTEL-SA-00706"]}, {"type": "kaspersky", "idList": ["KLA12568", "KLA12569"]}, {"type": "mageia", "idList": ["MGASA-2022-0194", "MGASA-2022-0195", "MGASA-2022-0242", "MGASA-2022-0243", "MGASA-2022-0263", "MGASA-2022-0264", "MGASA-2022-0278", "MGASA-2022-0279", "MGASA-2022-0305", "MGASA-2022-0308"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5E776191FCDE450D39FF196E05A29CB7", "MALWAREBYTES:D133F234942A88D695B4882950A22971"]}, {"type": "mscve", "idList": ["MS:ADV220002", "MS:CVE-2022-21123", "MS:CVE-2022-21125", "MS:CVE-2022-21166"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-114.NASL", "AL2022_ALAS2022-2022-127.NASL", "AL2022_ALAS2022-2022-150.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2023_ALAS2023-2023-070.NASL", "AL2_ALAS-2022-1813.NASL", "AL2_ALAS-2022-1825.NASL", "AL2_ALAS-2022-1833.NASL", "AL2_ALAS-2022-1838.NASL", "AL2_ALAS-2022-1852.NASL", "AL2_ALAS-2022-1888.NASL", "AL2_ALASKERNEL-5_10-2022-015.NASL", "AL2_ALASKERNEL-5_10-2022-016.NASL", "AL2_ALASKERNEL-5_10-2022-017.NASL", "AL2_ALASKERNEL-5_10-2022-018.NASL", "AL2_ALASKERNEL-5_10-2022-019.NASL", "AL2_ALASKERNEL-5_10-2022-020.NASL", "AL2_ALASKERNEL-5_15-2022-005.NASL", "AL2_ALASKERNEL-5_15-2022-006.NASL", "AL2_ALASKERNEL-5_15-2022-007.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_4-2022-028.NASL", "AL2_ALASKERNEL-5_4-2022-030.NASL", "AL2_ALASKERNEL-5_4-2022-032.NASL", "AL2_ALASKERNEL-5_4-2022-033.NASL", "AL2_ALASKERNEL-5_4-2022-034.NASL", "AL2_ALASKERNEL-5_4-2022-035.NASL", "AL2_ALASKERNEL-5_4-2022-036.NASL", "ALA_ALAS-2022-1604.NASL", "ALA_ALAS-2022-1606.NASL", "ALA_ALAS-2022-1624.NASL", "ALA_ALAS-2022-1636.NASL", "ALA_ALAS-2022-1645.NASL", "ALMA_LINUX_ALSA-2022-5214.NASL", "ALMA_LINUX_ALSA-2022-5249.NASL", "ALMA_LINUX_ALSA-2022-5267.NASL", "ALMA_LINUX_ALSA-2022-5819.NASL", "ALMA_LINUX_ALSA-2022-5834.NASL", "ALMA_LINUX_ALSA-2022-6437.NASL", "ALMA_LINUX_ALSA-2022-6460.NASL", "ALMA_LINUX_ALSA-2022-7444.NASL", "ALMA_LINUX_ALSA-2022-7683.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "ALMA_LINUX_ALSA-2023-2148.NASL", "ALMA_LINUX_ALSA-2023-2458.NASL", "ALMA_LINUX_ALSA-2023-2736.NASL", "ALMA_LINUX_ALSA-2023-2951.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3131.NASL", "DEBIAN_DLA-3173.NASL", "DEBIAN_DSA-5161.NASL", "DEBIAN_DSA-5173.NASL", "DEBIAN_DSA-5178.NASL", "DEBIAN_DSA-5184.NASL", "DEBIAN_DSA-5191.NASL", "DEBIAN_DSA-5207.NASL", "EULEROS_SA-2022-1366.NASL", "EULEROS_SA-2022-1429.NASL", "EULEROS_SA-2022-1450.NASL", "EULEROS_SA-2022-1607.NASL", "EULEROS_SA-2022-1630.NASL", "EULEROS_SA-2022-1647.NASL", "EULEROS_SA-2022-1661.NASL", "EULEROS_SA-2022-1969.NASL", "EULEROS_SA-2022-1999.NASL", "EULEROS_SA-2022-2026.NASL", "EULEROS_SA-2022-2054.NASL", "EULEROS_SA-2022-2090.NASL", "EULEROS_SA-2022-2134.NASL", "EULEROS_SA-2022-2225.NASL", "EULEROS_SA-2022-2244.NASL", "EULEROS_SA-2022-2292.NASL", "EULEROS_SA-2022-2321.NASL", "EULEROS_SA-2022-2348.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2415.NASL", "EULEROS_SA-2022-2428.NASL", "EULEROS_SA-2022-2441.NASL", "EULEROS_SA-2022-2466.NASL", "EULEROS_SA-2022-2566.NASL", "EULEROS_SA-2022-2619.NASL", "EULEROS_SA-2022-2654.NASL", "EULEROS_SA-2022-2686.NASL", "EULEROS_SA-2022-2732.NASL", "EULEROS_SA-2022-2767.NASL", "EULEROS_SA-2022-2796.NASL", "EULEROS_SA-2022-2823.NASL", "EULEROS_SA-2022-2848.NASL", "EULEROS_SA-2022-2873.NASL", "EULEROS_SA-2022-2891.NASL", "EULEROS_SA-2022-2906.NASL", "EULEROS_SA-2022-2932.NASL", "EULEROS_SA-2023-1147.NASL", "EULEROS_SA-2023-1168.NASL", "EULEROS_SA-2023-1193.NASL", "EULEROS_SA-2023-1223.NASL", "EULEROS_SA-2023-1507.NASL", "EULEROS_SA-2023-1695.NASL", "F5_BIGIP_SOL08152433.NASL", "FEDORA_2022-391E24517D.NASL", "GENTOO_GLSA-202208-23.NASL", "MARINER_KERNEL_CVE-2022-2318.NASL", "MARINER_KERNEL_CVE-2022-2380.NASL", "MARINER_KERNEL_CVE-2022-33744.NASL", "NEWSTART_CGSL_NS-SA-2023-0001_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0005_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0030_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_5_1_5.NASL", "NUTANIX_NXSA-AOS-6_5_2.NASL", "NUTANIX_NXSA-AOS-6_6_2.NASL", "OPENSUSE-2022-0363-1.NASL", "ORACLELINUX_ELSA-2022-5249.NASL", "ORACLELINUX_ELSA-2022-5819.NASL", "ORACLELINUX_ELSA-2022-5937.NASL", "ORACLELINUX_ELSA-2022-6460.NASL", "ORACLELINUX_ELSA-2022-7337.NASL", "ORACLELINUX_ELSA-2022-7683.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9481.NASL", "ORACLELINUX_ELSA-2022-9482.NASL", "ORACLELINUX_ELSA-2022-9483.NASL", "ORACLELINUX_ELSA-2022-9484.NASL", "ORACLELINUX_ELSA-2022-9485.NASL", "ORACLELINUX_ELSA-2022-9486.NASL", "ORACLELINUX_ELSA-2022-9507.NASL", "ORACLELINUX_ELSA-2022-9508.NASL", "ORACLELINUX_ELSA-2022-9670.NASL", "ORACLELINUX_ELSA-2022-9761.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "ORACLELINUX_ELSA-2022-9852.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLELINUX_ELSA-2023-2458.NASL", "ORACLELINUX_ELSA-2023-2951.NASL", "ORACLEVM_OVMSA-2022-0020.NASL", "ORACLEVM_OVMSA-2022-0023.NASL", "ORACLEVM_OVMSA-2022-0024.NASL", "ORACLEVM_OVMSA-2022-0026.NASL", "REDHAT-RHSA-2022-5214.NASL", "REDHAT-RHSA-2022-5220.NASL", "REDHAT-RHSA-2022-5224.NASL", "REDHAT-RHSA-2022-5249.NASL", "REDHAT-RHSA-2022-5267.NASL", "REDHAT-RHSA-2022-5626.NASL", "REDHAT-RHSA-2022-5633.NASL", "REDHAT-RHSA-2022-5636.NASL", "REDHAT-RHSA-2022-5819.NASL", "REDHAT-RHSA-2022-5834.NASL", "REDHAT-RHSA-2022-5937.NASL", "REDHAT-RHSA-2022-5939.NASL", "REDHAT-RHSA-2022-6437.NASL", "REDHAT-RHSA-2022-6460.NASL", "REDHAT-RHSA-2022-6551.NASL", "REDHAT-RHSA-2022-6872.NASL", "REDHAT-RHSA-2022-6983.NASL", "REDHAT-RHSA-2022-6991.NASL", "REDHAT-RHSA-2022-7279.NASL", "REDHAT-RHSA-2022-7280.NASL", "REDHAT-RHSA-2022-7337.NASL", "REDHAT-RHSA-2022-7338.NASL", "REDHAT-RHSA-2022-7444.NASL", "REDHAT-RHSA-2022-7683.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "REDHAT-RHSA-2022-8973.NASL", "REDHAT-RHSA-2022-8974.NASL", "REDHAT-RHSA-2023-0440.NASL", "REDHAT-RHSA-2023-2148.NASL", "REDHAT-RHSA-2023-2458.NASL", "REDHAT-RHSA-2023-2736.NASL", "REDHAT-RHSA-2023-2951.NASL", "ROCKY_LINUX_RLSA-2022-6437.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SL_20220809_KERNEL_ON_SL7_X.NASL", "SL_20221103_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS22_JUN_5014692.NASL", "SMB_NT_MS22_JUN_5014697.NASL", "SMB_NT_MS22_JUN_5014699.NASL", "SMB_NT_MS22_JUN_5014702.NASL", "SMB_NT_MS22_JUN_5014710.NASL", "SMB_NT_MS22_JUN_5014741.NASL", "SMB_NT_MS22_JUN_5014742.NASL", "SMB_NT_MS22_JUN_5014743.NASL", "SMB_NT_MS22_JUN_5014746.NASL", "SUSE_SU-2022-0363-1.NASL", "SUSE_SU-2022-1196-1.NASL", "SUSE_SU-2022-1255-1.NASL", "SUSE_SU-2022-1256-1.NASL", "SUSE_SU-2022-1266-1.NASL", "SUSE_SU-2022-1267-1.NASL", "SUSE_SU-2022-1402-1.NASL", "SUSE_SU-2022-1669-1.NASL", "SUSE_SU-2022-1676-1.NASL", "SUSE_SU-2022-1687-1.NASL", "SUSE_SU-2022-2077-1.NASL", "SUSE_SU-2022-2078-1.NASL", "SUSE_SU-2022-2079-1.NASL", "SUSE_SU-2022-2080-1.NASL", "SUSE_SU-2022-2082-1.NASL", "SUSE_SU-2022-2083-1.NASL", "SUSE_SU-2022-2103-1.NASL", "SUSE_SU-2022-2104-1.NASL", "SUSE_SU-2022-2111-1.NASL", "SUSE_SU-2022-2116-1.NASL", "SUSE_SU-2022-2172-1.NASL", "SUSE_SU-2022-2177-1.NASL", "SUSE_SU-2022-2376-1.NASL", "SUSE_SU-2022-2377-1.NASL", "SUSE_SU-2022-2379-1.NASL", "SUSE_SU-2022-2382-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2407-1.NASL", "SUSE_SU-2022-2411-1.NASL", "SUSE_SU-2022-2422-1.NASL", "SUSE_SU-2022-2423-1.NASL", "SUSE_SU-2022-2424-1.NASL", "SUSE_SU-2022-2478-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2549-1.NASL", "SUSE_SU-2022-2557-1.NASL", "SUSE_SU-2022-2560-1.NASL", "SUSE_SU-2022-2569-1.NASL", "SUSE_SU-2022-2574-1.NASL", "SUSE_SU-2022-2591-1.NASL", "SUSE_SU-2022-2597-1.NASL", "SUSE_SU-2022-2599-1.NASL", "SUSE_SU-2022-2600-1.NASL", "SUSE_SU-2022-2601-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "SUSE_SU-2022-2696-1.NASL", "SUSE_SU-2022-2697-1.NASL", "SUSE_SU-2022-2699-1.NASL", "SUSE_SU-2022-2700-1.NASL", "SUSE_SU-2022-2709-1.NASL", "SUSE_SU-2022-2710-1.NASL", "SUSE_SU-2022-2719-1.NASL", "SUSE_SU-2022-2720-1.NASL", "SUSE_SU-2022-2721-1.NASL", "SUSE_SU-2022-2722-1.NASL", "SUSE_SU-2022-2723-1.NASL", "SUSE_SU-2022-2726-1.NASL", "SUSE_SU-2022-2727-1.NASL", "SUSE_SU-2022-2728-1.NASL", "SUSE_SU-2022-2732-1.NASL", "SUSE_SU-2022-2738-1.NASL", "SUSE_SU-2022-2741-1.NASL", "SUSE_SU-2022-2745-1.NASL", "SUSE_SU-2022-2750-1.NASL", "SUSE_SU-2022-2759-1.NASL", "SUSE_SU-2022-2762-1.NASL", "SUSE_SU-2022-2766-1.NASL", "SUSE_SU-2022-2770-1.NASL", "SUSE_SU-2022-2776-1.NASL", "SUSE_SU-2022-2779-1.NASL", "SUSE_SU-2022-2780-1.NASL", "SUSE_SU-2022-2781-1.NASL", "SUSE_SU-2022-2783-1.NASL", "SUSE_SU-2022-2789-1.NASL", "SUSE_SU-2022-2803-1.NASL", "SUSE_SU-2022-2808-1.NASL", "SUSE_SU-2022-2809-1.NASL", "SUSE_SU-2022-2827-1.NASL", "SUSE_SU-2022-2840-1.NASL", "SUSE_SU-2022-2854-1.NASL", "SUSE_SU-2022-2875-1.NASL", "SUSE_SU-2022-2892-1.NASL", "SUSE_SU-2022-2910-1.NASL", "SUSE_SU-2022-3061-1.NASL", "SUSE_SU-2022-3072-1.NASL", "SUSE_SU-2022-3108-1.NASL", "SUSE_SU-2022-3123-1.NASL", "SUSE_SU-2022-3263-1.NASL", "SUSE_SU-2022-3264-1.NASL", "SUSE_SU-2022-3265-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-3282-1.NASL", "SUSE_SU-2022-3288-1.NASL", "SUSE_SU-2022-3291-1.NASL", "SUSE_SU-2022-3293-1.NASL", "SUSE_SU-2022-3294-1.NASL", "SUSE_SU-2022-3408-1.NASL", "SUSE_SU-2022-3422-1.NASL", "SUSE_SU-2022-3450-1.NASL", "SUSE_SU-2022-3609-1.NASL", "SUSE_SU-2022-3665-1.NASL", "SUSE_SU-2022-3728-1.NASL", "SUSE_SU-2022-3809-1.NASL", "SUSE_SU-2022-3928-1.NASL", "SUSE_SU-2022-4024-1.NASL", "SUSE_SU-2022-4027-1.NASL", "SUSE_SU-2022-4033-1.NASL", "SUSE_SU-2022-4035-1.NASL", "SUSE_SU-2022-4100-1.NASL", "SUSE_SU-2022-4112-1.NASL", "SUSE_SU-2022-4113-1.NASL", "SUSE_SU-2022-4129-1.NASL", "SUSE_SU-2022-4617-1.NASL", "UBUNTU_USN-5471-1.NASL", "UBUNTU_USN-5485-1.NASL", "UBUNTU_USN-5485-2.NASL", "UBUNTU_USN-5486-1.NASL", "UBUNTU_USN-5500-1.NASL", "UBUNTU_USN-5505-1.NASL", "UBUNTU_USN-5515-1.NASL", "UBUNTU_USN-5517-1.NASL", "UBUNTU_USN-5529-1.NASL", "UBUNTU_USN-5535-1.NASL", "UBUNTU_USN-5541-1.NASL", "UBUNTU_USN-5544-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5572-1.NASL", "UBUNTU_USN-5577-1.NASL", "UBUNTU_USN-5579-1.NASL", "UBUNTU_USN-5580-1.NASL", "UBUNTU_USN-5582-1.NASL", "UBUNTU_USN-5589-1.NASL", "UBUNTU_USN-5590-1.NASL", "UBUNTU_USN-5591-1.NASL", "UBUNTU_USN-5591-2.NASL", "UBUNTU_USN-5591-3.NASL", "UBUNTU_USN-5591-4.NASL", "UBUNTU_USN-5592-1.NASL", "UBUNTU_USN-5594-1.NASL", "UBUNTU_USN-5595-1.NASL", "UBUNTU_USN-5596-1.NASL", "UBUNTU_USN-5597-1.NASL", "UBUNTU_USN-5598-1.NASL", "UBUNTU_USN-5599-1.NASL", "UBUNTU_USN-5600-1.NASL", "UBUNTU_USN-5602-1.NASL", "UBUNTU_USN-5603-1.NASL", "UBUNTU_USN-5605-1.NASL", "UBUNTU_USN-5616-1.NASL", "UBUNTU_USN-5621-1.NASL", "UBUNTU_USN-5622-1.NASL", "UBUNTU_USN-5623-1.NASL", "UBUNTU_USN-5624-1.NASL", "UBUNTU_USN-5630-1.NASL", "UBUNTU_USN-5633-1.NASL", "UBUNTU_USN-5634-1.NASL", "UBUNTU_USN-5635-1.NASL", "UBUNTU_USN-5639-1.NASL", "UBUNTU_USN-5640-1.NASL", "UBUNTU_USN-5644-1.NASL", "UBUNTU_USN-5647-1.NASL", "UBUNTU_USN-5648-1.NASL", "UBUNTU_USN-5650-1.NASL", "UBUNTU_USN-5652-1.NASL", "UBUNTU_USN-5654-1.NASL", "UBUNTU_USN-5655-1.NASL", "UBUNTU_USN-5660-1.NASL", "UBUNTU_USN-5667-1.NASL", "UBUNTU_USN-5668-1.NASL", "UBUNTU_USN-5669-1.NASL", "UBUNTU_USN-5669-2.NASL", "UBUNTU_USN-5677-1.NASL", "UBUNTU_USN-5678-1.NASL", "UBUNTU_USN-5679-1.NASL", "UBUNTU_USN-5682-1.NASL", "UBUNTU_USN-5683-1.NASL", "UBUNTU_USN-5684-1.NASL", "UBUNTU_USN-5687-1.NASL", "UBUNTU_USN-5693-1.NASL", "UBUNTU_USN-5695-1.NASL", "UBUNTU_USN-5703-1.NASL", "UBUNTU_USN-5706-1.NASL", "UBUNTU_USN-5727-1.NASL", "UBUNTU_USN-5727-2.NASL", "UBUNTU_USN-5773-1.NASL", "UBUNTU_USN-5774-1.NASL", "UBUNTU_USN-5789-1.NASL", "UBUNTU_USN-5790-1.NASL", "UBUNTU_USN-5854-1.NASL", "UBUNTU_USN-5861-1.NASL", "UBUNTU_USN-5862-1.NASL", "UBUNTU_USN-5865-1.NASL", "UBUNTU_USN-5883-1.NASL", "UBUNTU_USN-5913-1.NASL", "UBUNTU_USN-5975-1.NASL", "UBUNTU_USN-6001-1.NASL", "UBUNTU_USN-6007-1.NASL", "UBUNTU_USN-6014-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-5249", "ELSA-2022-5819", "ELSA-2022-5937", "ELSA-2022-6460", "ELSA-2022-7337", "ELSA-2022-7683", "ELSA-2022-8267", "ELSA-2022-9481", "ELSA-2022-9482", "ELSA-2022-9483", "ELSA-2022-9484", "ELSA-2022-9485", "ELSA-2022-9486", "ELSA-2022-9507", "ELSA-2022-9508", "ELSA-2022-9670", "ELSA-2022-9761", "ELSA-2022-9852", "ELSA-2022-9969", "ELSA-2023-2458", "ELSA-2023-2951"]}, {"type": "osv", "idList": ["OSV:CVE-2022-26365", "OSV:CVE-2022-33740", "OSV:CVE-2022-33741", "OSV:CVE-2022-33742", "OSV:CVE-2022-33744", "OSV:DLA-3065-1", "OSV:DLA-3102-1", "OSV:DLA-3131-1", "OSV:DLA-3173-1", "OSV:DSA-5161-1", "OSV:DSA-5173-1", "OSV:DSA-5178-1", "OSV:DSA-5184-1", "OSV:DSA-5191-1", "OSV:DSA-5207-1"]}, {"type": "photon", "idList": ["PHSA-2022-0238", "PHSA-2022-0248", "PHSA-2022-0517", "PHSA-2022-4.0-0238", "PHSA-2022-4.0-0248"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:BB3D6B2DDD8D4FA41B52503EF011FDA4"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553"]}, {"type": "redhat", "idList": ["RHSA-2022:5069", "RHSA-2022:5214", "RHSA-2022:5220", "RHSA-2022:5224", "RHSA-2022:5249", "RHSA-2022:5267", "RHSA-2022:5626", "RHSA-2022:5633", "RHSA-2022:5636", "RHSA-2022:5730", "RHSA-2022:5819", "RHSA-2022:5834", "RHSA-2022:5879", "RHSA-2022:5937", "RHSA-2022:5939", "RHSA-2022:6051", "RHSA-2022:6053", "RHSA-2022:6103", "RHSA-2022:6252", "RHSA-2022:6271", "RHSA-2022:6370", "RHSA-2022:6437", "RHSA-2022:6460", "RHSA-2022:6507", "RHSA-2022:6536", "RHSA-2022:6537", "RHSA-2022:6551", "RHSA-2022:6560", "RHSA-2022:6696", "RHSA-2022:6872", "RHSA-2022:6954", "RHSA-2022:6983", "RHSA-2022:6991", "RHSA-2022:7211", "RHSA-2022:7216", "RHSA-2022:7279", "RHSA-2022:7280", "RHSA-2022:7337", "RHSA-2022:7338", "RHSA-2022:7444", "RHSA-2022:7683", "RHSA-2022:7874", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8609", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:8973", "RHSA-2022:8974", "RHSA-2022:9040", "RHSA-2023:0440", "RHSA-2023:2148", "RHSA-2023:2458", "RHSA-2023:2951", "RHSA-2023:3326", "RHSA-2023:3356"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-33655", "RH:CVE-2021-33656", "RH:CVE-2021-4159", "RH:CVE-2022-0812", "RH:CVE-2022-1012", "RH:CVE-2022-1462", "RH:CVE-2022-1679", "RH:CVE-2022-21123", "RH:CVE-2022-21125", "RH:CVE-2022-21166", "RH:CVE-2022-2318", "RH:CVE-2022-2380", "RH:CVE-2022-26373", "RH:CVE-2022-32296", "RH:CVE-2022-36879", "RH:CVE-2022-36946"]}, {"type": "redos", "idList": ["ROS-20220908-01", "ROS-20220919-01", "ROS-20221220-01"]}, {"type": "rocky", "idList": ["RLBA-2022:7317", "RLSA-2022:5819", "RLSA-2022:5834", "RLSA-2022:6437", "RLSA-2022:6460", "RLSA-2022:7444", "RLSA-2022:7683"]}, {"type": "slackware", "idList": ["SSA-2022-237-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0363-1", "OPENSUSE-SU-2022:0366-1", "OPENSUSE-SU-2022:2177-1", "OPENSUSE-SU-2022:2422-1", "OPENSUSE-SU-2022:2549-1", "SUSE-SU-2022:1256-1", "SUSE-SU-2022:1676-1", "SUSE-SU-2022:1687-1", "SUSE-SU-2022:2078-1", "SUSE-SU-2022:2079-1", "SUSE-SU-2022:2111-1", "SUSE-SU-2022:2172-1", "SUSE-SU-2022:2376-1", "SUSE-SU-2022:2411-1", "SUSE-SU-2022:2422-1", "SUSE-SU-2022:2424-2", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2549-1", "SUSE-SU-2022:2597-1", "SUSE-SU-2022:2599-1", "SUSE-SU-2022:2599-2", "SUSE-SU-2022:2615-1", "SUSE-SU-2022:2722-1", "SUSE-SU-2022:2741-1", "SUSE-SU-2022:2803-1", "SUSE-SU-2022:2827-1", "SUSE-SU-2022:2875-1", "SUSE-SU-2022:2875-2", "SUSE-SU-2022:2892-2", "SUSE-SU-2022:3264-1", "SUSE-SU-2022:3288-1", "SUSE-SU-2022:3293-1", "SUSE-SU-2022:3408-1", "SUSE-SU-2022:3609-1", "SUSE-SU-2022:3665-1", "SUSE-SU-2022:3809-1"]}, {"type": "ubuntu", "idList": ["USN-5471-1", "USN-5484-1", "USN-5485-1", "USN-5485-2", "USN-5486-1", "USN-5500-1", "USN-5505-1", "USN-5513-1", "USN-5515-1", "USN-5517-1", "USN-5529-1", "USN-5535-1", "USN-5541-1", "USN-5544-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5566-1", "USN-5572-1", "USN-5572-2", "USN-5577-1", "USN-5579-1", "USN-5580-1", "USN-5582-1", "USN-5589-1", "USN-5590-1", "USN-5591-1", "USN-5591-2", "USN-5591-3", "USN-5591-4", "USN-5592-1", "USN-5594-1", "USN-5595-1", "USN-5596-1", "USN-5597-1", "USN-5598-1", "USN-5599-1", "USN-5600-1", "USN-5602-1", "USN-5603-1", "USN-5605-1", "USN-5616-1", "USN-5621-1", "USN-5622-1", "USN-5623-1", "USN-5624-1", "USN-5630-1", "USN-5633-1", "USN-5634-1", "USN-5635-1", "USN-5639-1", "USN-5640-1", "USN-5644-1", "USN-5647-1", "USN-5648-1", "USN-5650-1", "USN-5652-1", "USN-5654-1", "USN-5655-1", "USN-5660-1", "USN-5667-1", "USN-5668-1", "USN-5669-1", "USN-5669-2", "USN-5677-1", "USN-5678-1", "USN-5679-1", "USN-5682-1", "USN-5683-1", "USN-5684-1", "USN-5687-1", "USN-5693-1", "USN-5695-1", "USN-5703-1", "USN-5706-1", "USN-5727-1", "USN-5727-2", "USN-5773-1", "USN-5774-1", "USN-5789-1", "USN-5790-1", "USN-5854-1", "USN-5861-1", "USN-5862-1", "USN-5865-1", "USN-5883-1", "USN-5913-1", "USN-5924-1", "USN-5975-1", "USN-6001-1", "USN-6007-1", "USN-6013-1", "USN-6014-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-33655", "UB:CVE-2021-33656", "UB:CVE-2021-4159", "UB:CVE-2022-0812", "UB:CVE-2022-1012", "UB:CVE-2022-1462", "UB:CVE-2022-1679", "UB:CVE-2022-21123", "UB:CVE-2022-21125", "UB:CVE-2022-21166", "UB:CVE-2022-2318", "UB:CVE-2022-2380", "UB:CVE-2022-26365", "UB:CVE-2022-26373", "UB:CVE-2022-32296", "UB:CVE-2022-33740", "UB:CVE-2022-33741", "UB:CVE-2022-33742", "UB:CVE-2022-33744", "UB:CVE-2022-36879", "UB:CVE-2022-36946"]}, {"type": "veracode", "idList": ["VERACODE:36026", "VERACODE:36027", "VERACODE:36029", "VERACODE:36304", "VERACODE:36324", "VERACODE:36325", "VERACODE:36326", "VERACODE:36423", "VERACODE:36599", "VERACODE:37096", "VERACODE:37270", "VERACODE:37529", "VERACODE:37534", "VERACODE:38255", "VERACODE:38431", "VERACODE:39548", "VERACODE:39551"]}, {"type": "virtuozzo", "idList": ["VZA-2023-007"]}, {"type": "vmware", "idList": ["VMSA-2022-0016", "VMSA-2022-0020", "VMSA-2022-0020.1", "VMSA-2022-0020.2"]}, {"type": "xen", "idList": ["XSA-403", "XSA-404", "XSA-406"]}]}, "epss": [{"cve": "CVE-2021-33655", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-33656", "epss": 0.0005, "percentile": 0.17284, "modified": "2023-05-02"}, {"cve": "CVE-2021-4159", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-0812", "epss": 0.00067, "percentile": 0.27375, "modified": "2023-05-02"}, {"cve": "CVE-2022-1012", "epss": 0.00053, "percentile": 0.19035, "modified": "2023-05-02"}, {"cve": "CVE-2022-1462", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1679", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-21123", "epss": 0.00046, "percentile": 0.12963, "modified": "2023-05-02"}, {"cve": "CVE-2022-21125", "epss": 0.00056, "percentile": 0.21318, "modified": "2023-05-02"}, {"cve": "CVE-2022-21166", "epss": 0.00046, "percentile": 0.12963, "modified": "2023-05-02"}, {"cve": "CVE-2022-2318", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-2380", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-26365", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-26373", "epss": 0.00045, "percentile": 0.11975, "modified": "2023-05-02"}, {"cve": "CVE-2022-33740", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-33741", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-33742", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-33744", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-36879", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-36946", "epss": 0.00134, "percentile": 0.47079, "modified": "2023-05-02"}], "vulnersScore": 7.4}, "_state": {"score": 1685720954, "dependencies": 1685741190, "epss": 0}, "_internal": {"score_hash": "5242dbf0dafebe31a3c7b2dc5988508e"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-drivers-intel-sgx-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-drivers-intel-sgx"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-aws-hmacgen-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-hmacgen"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-secure-hmacgen-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-hmacgen"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-secure-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-secure"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-aws-sound-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-sound"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-drivers-gpu-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-drivers-gpu"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-aws-oprofile-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-oprofile"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-secure-docs-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-docs"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-rt-docs-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-rt-docs"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-rt-devel-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-rt-devel"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-hmacgen-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-hmacgen"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-tools-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-tools"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-docs-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-docs"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-secure-devel-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-devel"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-drivers-sound-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-drivers-sound"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "noarch", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-api-headers-4.19.256-1.ph3.noarch.rpm", "operator": "lt", "packageName": "linux-api-headers"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-rt-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-rt"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-aws-drivers-gpu-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-drivers-gpu"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-esx-devel-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-devel"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-esx-hmacgen-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-hmacgen"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-aws-docs-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-docs"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-aws-devel-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-devel"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-python3-perf-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-python3-perf"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-aws-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-aws"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-devel-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-devel"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-esx-docs-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-docs"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-oprofile-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-oprofile"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-esx-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-esx"}, {"OS": "Photon", "OSVersion": "3.0", "arch": "x86_64", "packageVersion": "4.19.256-1.ph3", "packageFilename": "linux-secure-lkcm-4.19.256-1.ph3.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-lkcm"}], "vendorCvss": {"severity": "important"}}

{"nessus": [{"lastseen": "2023-05-17T16:33:02", "description": "The version of kernel installed on the remote host is prior to 4.14.287-215.504. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1825 advisory.\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2022-1825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2022-07-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.287-215.504", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1825.NASL", "href": "https://www.tenable.com/plugins/nessus/163324", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1825.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163324);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/21\");\n\n script_cve_id(\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2022-1825)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.287-215.504. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1825 advisory.\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1825.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2318.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26365.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33740.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33741.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33744.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.287-215.504\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-2318\", \"CVE-2022-26365\", \"CVE-2022-33740\", \"CVE-2022-33741\", \"CVE-2022-33742\", \"CVE-2022-33744\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1825\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.287-215.504.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.287-215.504-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.287-215.504.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.287-215.504.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:33:22", "description": "The version of kernel installed on the remote host is prior to 4.14.287-148.504. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1624 advisory.\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-05T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2022-1624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2022-08-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1624.NASL", "href": "https://www.tenable.com/plugins/nessus/163867", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1624.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163867);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/05\");\n\n script_cve_id(\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2022-1624)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.287-148.504. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2022-1624 advisory.\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1624.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2318.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26365.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33740.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33741.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33744.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-2318\", \"CVE-2022-26365\", \"CVE-2022-33740\", \"CVE-2022-33741\", \"CVE-2022-33742\", \"CVE-2022-33744\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1624\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.287-148.504.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.287-148.504.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:03", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5679-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-14T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel (HWE) vulnerabilities (USN-5679-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0812", "CVE-2022-1012", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1142-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1142-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe"], "id": "UBUNTU_USN-5679-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166115", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5679-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166115);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-0812\",\n \"CVE-2022-1012\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n script_xref(name:\"USN\", value:\"5679-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel (HWE) vulnerabilities (USN-5679-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5679-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux\n Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5679-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1142-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1142-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-(aws|aws-hwe))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-(aws|aws-hwe)\" : \"4.15.0-1142\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5679-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0812', 'CVE-2022-1012', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-32296', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5679-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:38", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5669-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5669-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0812", "CVE-2022-1012", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1054-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1107-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1120-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1128-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1138-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon"], "id": "UBUNTU_USN-5669-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166008", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5669-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166008);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-0812\",\n \"CVE-2022-1012\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n script_xref(name:\"USN\", value:\"5669-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5669-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5669-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux\n Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5669-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1054-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1107-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1120-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1128-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1138-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{3}-(generic|generic-lpae|lowlatency)|4.15.0-\\d{4}-(dell300x|kvm|oracle|raspi2|snapdragon))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"4.15.0-194\",\n \"4.15.0-\\d{4}-dell300x\" : \"4.15.0-1054\",\n \"4.15.0-\\d{4}-kvm\" : \"4.15.0-1128\",\n \"4.15.0-\\d{4}-oracle\" : \"4.15.0-1107\",\n \"4.15.0-\\d{4}-raspi2\" : \"4.15.0-1120\",\n \"4.15.0-\\d{4}-snapdragon\" : \"4.15.0-1138\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5669-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0812', 'CVE-2022-1012', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-32296', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5669-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:39", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5678-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-14T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5678-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0812", "CVE-2022-1012", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1142-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp"], "id": "UBUNTU_USN-5678-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166113", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5678-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166113);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-0812\",\n \"CVE-2022-1012\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n script_xref(name:\"USN\", value:\"5678-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5678-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5678-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux\n Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5678-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1142-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-(aws|gcp))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-aws\" : \"4.15.0-1142\",\n \"4.15.0-\\d{4}-gcp\" : \"4.15.0-1137\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5678-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0812', 'CVE-2022-1012', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-32296', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5678-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:02", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5669-2 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5669-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0812", "CVE-2022-1012", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1107-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle"], "id": "UBUNTU_USN-5669-2.NASL", "href": "https://www.tenable.com/plugins/nessus/166006", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5669-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166006);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-0812\",\n \"CVE-2022-1012\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n script_xref(name:\"USN\", value:\"5669-2\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5669-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5669-2 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux\n Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5669-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1107-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-194-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{3}-(generic|lowlatency)|4.15.0-\\d{4}-oracle)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{3}-(generic|lowlatency)\" : \"4.15.0-194\",\n \"4.15.0-\\d{4}-oracle\" : \"4.15.0-1107\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5669-2');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0812', 'CVE-2022-1012', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-32296', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5669-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:28", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5695-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel (GCP) vulnerabilities (USN-5695-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0812", "CVE-2022-1012", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp"], "id": "UBUNTU_USN-5695-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166414", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5695-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166414);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-0812\",\n \"CVE-2022-1012\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n script_xref(name:\"USN\", value:\"5695-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel (GCP) vulnerabilities (USN-5695-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5695-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux\n Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5695-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(16\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-gcp)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-gcp\" : \"4.15.0-1137\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5695-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0812', 'CVE-2022-1012', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-32296', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5695-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:04", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5687-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-19T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-5687-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0812", "CVE-2022-1012", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1153-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure"], "id": "UBUNTU_USN-5687-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166265", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5687-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166265);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-0812\",\n \"CVE-2022-1012\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n script_xref(name:\"USN\", value:\"5687-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-5687-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5687-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux\n Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5687-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1153-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-azure)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-azure\" : \"4.15.0-1153\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5687-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0812', 'CVE-2022-1012', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-32296', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5687-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:03", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5684-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-18T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel (Azure) vulnerabilities (USN-5684-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0812", "CVE-2022-1012", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1153-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure"], "id": "UBUNTU_USN-5684-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166178", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5684-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166178);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-0812\",\n \"CVE-2022-1012\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n script_xref(name:\"USN\", value:\"5684-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel (Azure) vulnerabilities (USN-5684-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5684-1 advisory.\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux\n Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.\n (CVE-2022-32296)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5684-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1153-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{4}-azure)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{4}-azure\" : \"4.15.0-1153\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5684-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0812', 'CVE-2022-1012', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-32296', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5684-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:12", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5668-1 advisory.\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5668-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4159", "CVE-2022-20369", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-3176", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744", "CVE-2022-36879"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1047-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1054-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1076-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1084-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-128-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-128-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-128-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency"], "id": "UBUNTU_USN-5668-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166012", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5668-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166012);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-4159\",\n \"CVE-2022-2318\",\n \"CVE-2022-3176\",\n \"CVE-2022-20369\",\n \"CVE-2022-26365\",\n \"CVE-2022-26373\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\",\n \"CVE-2022-36879\"\n );\n script_xref(name:\"USN\", value:\"5668-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5668-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5668-1 advisory.\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert\n eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit\n mitigations in place for the kernel. (CVE-2021-4159)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5668-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1047-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1054-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1076-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1084-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-128-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-128-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-128-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)|5.4.0-\\d{4}-(aws|bluefield|gke|gkeop|ibm|kvm))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"5.4.0-128\",\n \"5.4.0-\\d{4}-aws\" : \"5.4.0-1086\",\n \"5.4.0-\\d{4}-bluefield\" : \"5.4.0-1047\",\n \"5.4.0-\\d{4}-gke\" : \"5.4.0-1084\",\n \"5.4.0-\\d{4}-gkeop\" : \"5.4.0-1054\",\n \"5.4.0-\\d{4}-ibm\" : \"5.4.0-1034\",\n \"5.4.0-\\d{4}-kvm\" : \"5.4.0-1076\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5668-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-4159', 'CVE-2022-2318', 'CVE-2022-3176', 'CVE-2022-20369', 'CVE-2022-26365', 'CVE-2022-26373', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744', 'CVE-2022-36879');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5668-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:14", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5677-1 advisory.\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-14T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5677-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4159", "CVE-2022-20369", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-3176", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744", "CVE-2022-36879"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1071-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1084-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1090-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi"], "id": "UBUNTU_USN-5677-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166106", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5677-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166106);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-4159\",\n \"CVE-2022-2318\",\n \"CVE-2022-3176\",\n \"CVE-2022-20369\",\n \"CVE-2022-26365\",\n \"CVE-2022-26373\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\",\n \"CVE-2022-36879\"\n );\n script_xref(name:\"USN\", value:\"5677-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5677-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5677-1 advisory.\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert\n eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit\n mitigations in place for the kernel. (CVE-2021-4159)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5677-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1071-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1084-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1090-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{4}-(gcp|oracle|raspi))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{4}-gcp\" : \"5.4.0-1090\",\n \"5.4.0-\\d{4}-oracle\" : \"5.4.0-1084\",\n \"5.4.0-\\d{4}-raspi\" : \"5.4.0-1071\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5677-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-4159', 'CVE-2022-2318', 'CVE-2022-3176', 'CVE-2022-20369', 'CVE-2022-26365', 'CVE-2022-26373', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744', 'CVE-2022-36879');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5677-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:49", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5682-1 advisory.\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-15T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel (AWS) vulnerabilities (USN-5682-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4159", "CVE-2022-20369", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-3176", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744", "CVE-2022-36879"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws"], "id": "UBUNTU_USN-5682-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166156", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5682-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166156);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-4159\",\n \"CVE-2022-2318\",\n \"CVE-2022-3176\",\n \"CVE-2022-20369\",\n \"CVE-2022-26365\",\n \"CVE-2022-26373\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\",\n \"CVE-2022-36879\"\n );\n script_xref(name:\"USN\", value:\"5682-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel (AWS) vulnerabilities (USN-5682-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5682-1 advisory.\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert\n eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit\n mitigations in place for the kernel. (CVE-2021-4159)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5682-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{4}-aws)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{4}-aws\" : \"5.4.0-1086\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5682-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-4159', 'CVE-2022-2318', 'CVE-2022-3176', 'CVE-2022-20369', 'CVE-2022-26365', 'CVE-2022-26373', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744', 'CVE-2022-36879');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5682-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:20", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5706-1 advisory.\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-28T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5706-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4159", "CVE-2022-20369", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-3176", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744", "CVE-2022-36879"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1092-azurefde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azurefde"], "id": "UBUNTU_USN-5706-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166668", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5706-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166668);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-4159\",\n \"CVE-2022-2318\",\n \"CVE-2022-3176\",\n \"CVE-2022-20369\",\n \"CVE-2022-26365\",\n \"CVE-2022-26373\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\",\n \"CVE-2022-36879\"\n );\n script_xref(name:\"USN\", value:\"5706-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5706-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5706-1 advisory.\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert\n eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit\n mitigations in place for the kernel. (CVE-2021-4159)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5706-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1092-azurefde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azurefde\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{4}-azure-fde)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{4}-azure-fde\" : \"5.4.0-1092\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5706-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-4159', 'CVE-2022-2318', 'CVE-2022-3176', 'CVE-2022-20369', 'CVE-2022-26365', 'CVE-2022-26373', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33744', 'CVE-2022-36879');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5706-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:53", "description": "The version of kernel installed on the remote host is prior to 5.4.204-113.362. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-033 advisory.\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-033)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744"], "modified": "2022-07-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-033.NASL", "href": "https://www.tenable.com/plugins/nessus/163385", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-033.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163385);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/22\");\n\n script_cve_id(\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-033)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.204-113.362. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-033 advisory.\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-033.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26365.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33740.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33741.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33744.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-26365\", \"CVE-2022-33740\", \"CVE-2022-33741\", \"CVE-2022-33742\", \"CVE-2022-33744\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-033\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.204-113.362.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.204-113.362.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.204-113.362.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:33", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3131 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. (CVE-2022-39842)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. (CVE-2022-40307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-02T00:00:00", "type": "nessus", "title": "Debian DLA-3131-1 : linux - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2021-33656", "CVE-2021-4159", "CVE-2022-1462", "CVE-2022-1679", "CVE-2022-2153", "CVE-2022-2318", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-2663", "CVE-2022-3028", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33744", "CVE-2022-36879", "CVE-2022-36946", "CVE-2022-39188", "CVE-2022-39842", "CVE-2022-40307"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libbpf-dev", "p-cpe:/a:debian:debian_linux:libbpf4.19", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae", "p-cpe:/a:debian:debian_linux:usbip", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp", "cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp"], "id": "DEBIAN_DLA-3131.NASL", "href": "https://www.tenable.com/plugins/nessus/165623", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3131. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165623);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2021-4159\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1462\",\n \"CVE-2022-1679\",\n \"CVE-2022-2153\",\n \"CVE-2022-2318\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-2663\",\n \"CVE-2022-3028\",\n \"CVE-2022-26365\",\n \"CVE-2022-26373\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33744\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\",\n \"CVE-2022-39188\",\n \"CVE-2022-39842\",\n \"CVE-2022-40307\"\n );\n\n script_name(english:\"Debian DLA-3131-1 : linux - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3131 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert\n eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit\n mitigations in place for the kernel. (CVE-2021-4159)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it\n possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This\n flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel\n oops condition that results in a denial of service. (CVE-2022-2153)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in\n drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an\n integer overflow and bypassing the size check. After that, because it is used as the third argument to\n copy_from_user(), a heap overflow may occur. (CVE-2022-39842)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a\n race condition with a resultant use-after-free. (CVE-2022-40307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/linux\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-39188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-39842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-40307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the linux packages.\n\nFor Debian 10 buster, these problems have been fixed in version 4.19.260-1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1679\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbpf-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbpf4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'hyperv-daemons', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'libbpf-dev', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'libbpf4.19', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'libcpupower-dev', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'libcpupower1', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-compiler-gcc-8-arm', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-compiler-gcc-8-x86', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-config-4.19', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-cpupower', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-doc-4.19', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-686', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-686-pae', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-amd64', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-arm64', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-armhf', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-i386', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-amd64', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-arm64', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-armmp', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-armmp-lpae', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-cloud-amd64', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-common', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-common-rt', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-686-pae', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-amd64', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-arm64', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-armmp', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-pae-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-pae-unsigned', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-unsigned', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-amd64-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-amd64-unsigned', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-arm64-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-arm64-unsigned', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-lpae', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-lpae-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-cloud-amd64-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-cloud-amd64-unsigned', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-686-pae-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-686-pae-unsigned', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-amd64-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-amd64-unsigned', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-arm64-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-arm64-unsigned', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-armmp', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-armmp-dbg', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-amd64-signed-template', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-arm64-signed-template', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-image-i386-signed-template', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-kbuild-4.19', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-libc-dev', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-perf-4.19', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-source-4.19', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'linux-support-4.19.0-19', 'reference': '4.19.260-1'},\n {'release': '10.0', 'prefix': 'usbip', 'reference': '4.19.260-1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'hyperv-daemons / libbpf-dev / libbpf4.19 / libcpupower-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:18", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5644-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-5644-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp"], "id": "UBUNTU_USN-5644-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165505", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5644-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165505);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5644-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-5644-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5644-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5644-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-gcp)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-gcp\" : \"5.15.0-1018\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5644-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5644-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:33", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5655-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5655-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-inteliotg", "p-cpe:/a:canonical:ubuntu_linux:linux-image-inteliotg"], "id": "UBUNTU_USN-5655-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165651", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5655-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165651);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5655-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5655-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5655-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5655-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-inteliotg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-inteliotg\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-intel-iotg)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-intel-iotg\" : \"5.15.0-1016\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5655-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5655-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:42", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5640-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-26T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-5640-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle"], "id": "UBUNTU_USN-5640-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165470", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5640-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165470);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5640-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-5640-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5640-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5640-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-oracle)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-oracle\" : \"5.15.0-1018\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5640-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5640-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:07", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5648-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5648-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-5648-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165600", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5648-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165600);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5648-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5648-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5648-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5648-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-gke)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-gke\" : \"5.15.0-1016\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5648-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5648-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:28", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5624-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-21T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5624-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k"], "id": "UBUNTU_USN-5624-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165281", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5624-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165281);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5624-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5624-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5624-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5624-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k)|5.15.0-\\d{4}-(aws|azure|kvm))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k)\" : \"5.15.0-48\",\n \"5.15.0-\\d{4}-aws\" : \"5.15.0-1020\",\n \"5.15.0-\\d{4}-azure\" : \"5.15.0-1020\",\n \"5.15.0-\\d{4}-kvm\" : \"5.15.0-1018\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5624-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5624-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:05", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5635-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-24T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5635-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1003-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop"], "id": "UBUNTU_USN-5635-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165417", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5635-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165417);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5635-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5635-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5635-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5635-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1003-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-gkeop)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-gkeop\" : \"5.15.0-1003\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5635-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5635-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:52", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5633-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5633-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae"], "id": "UBUNTU_USN-5633-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165320", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5633-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165320);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5633-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5633-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5633-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5633-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-(gcp|gke|raspi|raspi-nolpae))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-(raspi|raspi-nolpae)\" : \"5.15.0-1015\",\n \"5.15.0-\\d{4}-gcp\" : \"5.15.0-1018\",\n \"5.15.0-\\d{4}-gke\" : \"5.15.0-1016\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5633-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5633-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:35", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5572-1 advisory.\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-18T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel (AWS) vulnerabilities (USN-5572-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1148-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws"], "id": "UBUNTU_USN-5572-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164281", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5572-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164281);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-26365\", \"CVE-2022-33740\", \"CVE-2022-33741\");\n script_xref(name:\"USN\", value:\"5572-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel (AWS) vulnerabilities (USN-5572-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5572-1 advisory.\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5572-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33741\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1148-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.4.0-\\d{4}-aws)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.4.0-\\d{4}-aws\" : \"4.4.0-1148\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5572-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5572-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:36", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5579-1 advisory.\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-24T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5579-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1113-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm"], "id": "UBUNTU_USN-5579-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164382", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5579-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164382);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-26365\", \"CVE-2022-33740\", \"CVE-2022-33741\");\n script_xref(name:\"USN\", value:\"5579-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5579-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5579-1 advisory.\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5579-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33741\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1113-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.4.0-\\d{4}-kvm)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.4.0-\\d{4}-kvm\" : \"4.4.0-1113\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5579-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5579-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:05", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5191 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-27T00:00:00", "type": "nessus", "title": "Debian DSA-5191-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:bpftool", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-arm", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-x86", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:linux-config-5.10", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:linux-doc", "p-cpe:/a:debian:debian_linux:linux-doc-5.10", "p-cpe:/a:debian:debian_linux:linux-headers-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-arm64", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-octeon", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rpi", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-s390x", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-marvell", "p-cpe:/a:debian:debian_linux:linux-image-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-s390x", "p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-armmp", "p-cpe:/a:debian:debian_linux:linux-image-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-marvell", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-octeon", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-rpi", "p-cpe:/a:debian:debian_linux:linux-image-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-s390x", "p-cpe:/a:debian:debian_linux:linux-image-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-kbuild-5.10", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-perf", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-perf-5.10", "p-cpe:/a:debian:debian_linux:linux-source", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-source-5.10", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-support-5.10.0-13", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-unsigned", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-unsigned", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usbip", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-5kc-malta-di", "cpe:/o:debian:debian_linux:11.0", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-loongson-3-di"], "id": "DEBIAN_DSA-5191.NASL", "href": "https://www.tenable.com/plugins/nessus/163480", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5191. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163480);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Debian DSA-5191-1 : linux - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5191 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/linux\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-34918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 5.10.127-2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-5.10.0-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'bpftool', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'dasd-extra-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'dasd-extra-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'dasd-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'dasd-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'efi-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'efi-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fancontrol-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fancontrol-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'hyperv-daemons', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'hypervisor-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'hypervisor-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ipv6-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ipv6-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jffs2-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jffs2-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'libcpupower-dev', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'libcpupower1', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-arm', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-s390', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-x86', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-config-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-cpupower', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-doc', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-doc-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-4kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-4kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-5kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-686', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-686-pae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-amd64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-arm64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-armmp-lpae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-cloud-amd64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-cloud-arm64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-common', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-common-rt', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-loongson-3', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-marvell', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-octeon', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-powerpc64le', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rpi', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-686-pae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-amd64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-arm64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-s390x', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-armmp-lpae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-loongson-3', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-marvell', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-octeon', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-powerpc64le', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-rpi', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-rt-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-s390x', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-4kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-4kc-malta-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-4kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-4kc-malta-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-5kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-5kc-malta-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-pae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-pae-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-amd64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-arm64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-lpae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-lpae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-amd64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-arm64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-loongson-3', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-loongson-3-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-marvell', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-marvell-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-octeon', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-octeon-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-powerpc64le', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-powerpc64le-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rpi', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rpi-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-686-pae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-686-pae-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-amd64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-arm64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-armmp-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-s390x', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-s390x-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5kc-malta-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-686-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-686-pae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-amd64-signed-template', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-arm64-signed-template', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-lpae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-lpae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-cloud-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-cloud-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-i386-signed-template', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-loongson-3', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-loongson-3-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-marvell', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-marvell-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-octeon', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-octeon-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-powerpc64le', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-powerpc64le-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rpi', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rpi-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-686-pae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-armmp-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-s390x', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-s390x-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-kbuild-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-libc-dev', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-perf', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-perf-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-source', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-source-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-support-5.10.0-13', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'rtc-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'rtc-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'serial-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'serial-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'speakup-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'speakup-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usbip', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'affs-modules-5.10.0-13-4kc-malta-di / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:49", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5683-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - A use-after-free flaw was found in the Linux kernel's pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1882)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-15T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (IBM) vulnerabilities (USN-5683-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-1882", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-3176", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36879", "CVE-2022-36946", "CVE-2022-39189"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm"], "id": "UBUNTU_USN-5683-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166154", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5683-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166154);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-1882\",\n \"CVE-2022-2318\",\n \"CVE-2022-3176\",\n \"CVE-2022-26365\",\n \"CVE-2022-26373\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\",\n \"CVE-2022-39189\"\n );\n script_xref(name:\"USN\", value:\"5683-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (IBM) vulnerabilities (USN-5683-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5683-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - A use-after-free flaw was found in the Linux kernel's pipes functionality in how a user performs\n manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1882)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a\n waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before\n the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free\n to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We\n recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5683-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1882\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-39189\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{4}-ibm)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{4}-ibm\" : \"5.15.0-1015\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5683-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-1882', 'CVE-2022-2318', 'CVE-2022-3176', 'CVE-2022-26365', 'CVE-2022-26373', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36879', 'CVE-2022-36946', 'CVE-2022-39189');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5683-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:00", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2840-1 advisory.\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2840-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15393", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2021-39713", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2840-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164307", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2840-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164307);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-15393\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2021-39713\",\n \"CVE-2022-1462\",\n \"CVE-2022-2318\",\n \"CVE-2022-20166\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2840-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2840-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2840-1 advisory.\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak,\n aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel\n (CVE-2021-39713)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011942.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0e3aec5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39713\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-33742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.180-94.171.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-base-4.4.180-94.171.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-devel-4.4.180-94.171.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-devel-4.4.180-94.171.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-macros-4.4.180-94.171.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-source-4.4.180-94.171.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-syms-4.4.180-94.171.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:39", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2721-1 advisory.\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2721-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15393", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2021-39713", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2721-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163994", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2721-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163994);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-15393\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2021-39713\",\n \"CVE-2022-1462\",\n \"CVE-2022-2318\",\n \"CVE-2022-20166\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2721-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2721-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2721-1 advisory.\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak,\n aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel\n (CVE-2021-39713)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011828.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70eee337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39713\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-33742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.181.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-base-4.4.121-92.181.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-devel-4.4.121-92.181.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-devel-4.4.121-92.181.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-macros-4.4.121-92.181.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-source-4.4.121-92.181.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-syms-4.4.121-92.181.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:53", "description": "The version of kernel installed on the remote host is prior to 5.10.130-118.517. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-018 advisory.\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.10.130-118.517", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo"], "id": "AL2_ALASKERNEL-5_10-2022-018.NASL", "href": "https://www.tenable.com/plugins/nessus/163382", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2022-018.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163382);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.130-118.517. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-018 advisory.\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2318.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26365.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33740.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33741.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33743.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33744.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34918.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.130-118.517\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-2318\", \"CVE-2022-26365\", \"CVE-2022-33740\", \"CVE-2022-33741\", \"CVE-2022-33742\", \"CVE-2022-33743\", \"CVE-2022-33744\", \"CVE-2022-34918\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.10-2022-018\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-aarch64-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-x86_64-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.130-118.517.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.130-118.517-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.130-118.517-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:44", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6460 advisory.\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-14T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-6460)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166"], "modified": "2022-09-14T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-6460.NASL", "href": "https://www.tenable.com/plugins/nessus/165095", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-6460.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165095);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/14\");\n\n script_cve_id(\"CVE-2022-21123\", \"CVE-2022-21125\", \"CVE-2022-21166\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-6460)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-6460 advisory.\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-6460.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-372.26.1.0.1.el8_6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-6460');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.26.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-372.26.1.0.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.26.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.26.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.26.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.26.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.26.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-372.26.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.26.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.26.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:32:17", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6460 advisory.\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:6460)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-6460.NASL", "href": "https://www.tenable.com/plugins/nessus/164964", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6460. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164964);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-21123\", \"CVE-2022-21125\", \"CVE-2022-21166\");\n script_xref(name:\"RHSA\", value:\"2022:6460\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:6460)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:6460 advisory.\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090241\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 459);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:6460');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.26.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.26.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.26.1.el8_6', 'relea