The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)
* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)
* kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701)
* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
* kernel: Null pointer dereference via keyctl (CVE-2016-8650)
* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)
* kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001)
* kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616)
* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)
* kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c (CVE-2017-8890)
* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075)
* kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076)
* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077)
* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)
* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121)
* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)
* kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)
* kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Vitaly Mayatskih for reporting CVE-2017-12190; and Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
{"nessus": [{"lastseen": "2023-05-20T14:39:13", "description": "Security Fix(es) :\n\n - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n (CVE-2018-3639, PowerPC)\n\n - kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)\n\n - kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701)\n\n - kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n - kernel: NULL pointer dereference via keyctl (CVE-2016-8650)\n\n - kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)\n\n - kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001)\n\n - kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616)\n\n - kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)\n\n - kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c (CVE-2017-8890)\n\n - kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075)\n\n - kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076)\n\n - kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077)\n\n - kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)\n\n - kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121)\n\n - kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)\n\n - kernel: a NULL pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n - kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)", "cvss3": {}, "published": "2018-07-03T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180619) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-8650", "CVE-2017-12190", "CVE-2017-15121", "CVE-2017-18203", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8890", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2018-1130", "CVE-2018-3639", "CVE-2018-5803"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180619_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/110887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110887);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2012-6701\", \"CVE-2015-8830\", \"CVE-2016-8650\", \"CVE-2017-12190\", \"CVE-2017-15121\", \"CVE-2017-18203\", \"CVE-2017-2671\", \"CVE-2017-6001\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8890\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2018-1130\", \"CVE-2018-3639\", \"CVE-2018-5803\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180619) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of Load & Store instructions (a commonly\n used performance optimization). It relies on the\n presence of a precisely-defined instruction sequence in\n the privileged code as well as the fact that memory read\n from address to which a recent memory write has occurred\n may see an older value and subsequently cause an update\n into the microprocessor's data cache even for\n speculatively executed instructions that never actually\n commit (retire). As a result, an unprivileged attacker\n could use this flaw to read privileged memory by\n conducting targeted cache side-channel attacks.\n (CVE-2018-3639, PowerPC)\n\n - kernel: net/packet: overflow in check for priv area size\n (CVE-2017-7308)\n\n - kernel: AIO interface didn't use rw_verify_area() for\n checking mandatory locking on files and size of access\n (CVE-2012-6701)\n\n - kernel: AIO write triggers integer overflow in some\n protocols (CVE-2015-8830)\n\n - kernel: NULL pointer dereference via keyctl\n (CVE-2016-8650)\n\n - kernel: ping socket / AF_LLC connect() sin_family race\n (CVE-2017-2671)\n\n - kernel: Race condition between multiple\n sys_perf_event_open() calls (CVE-2017-6001)\n\n - kernel: Incorrect error handling in the set_mempolicy\n and mbind compat syscalls in mm/mempolicy.c\n (CVE-2017-7616)\n\n - kernel: mm subsystem does not properly enforce the\n CONFIG_STRICT_DEVMEM protection mechanism\n (CVE-2017-7889)\n\n - kernel: Double free in the inet_csk_clone_lock function\n in net/ipv4/inet_connection_sock.c (CVE-2017-8890)\n\n - kernel: net: sctp_v6_create_accept_sk function\n mishandles inheritance (CVE-2017-9075)\n\n - kernel: net: IPv6 DCCP implementation mishandles\n inheritance (CVE-2017-9076)\n\n - kernel: net: tcp_v6_syn_recv_sock function mishandles\n inheritance (CVE-2017-9077)\n\n - kernel: memory leak when merging buffers in SCSI IO\n vectors (CVE-2017-12190)\n\n - kernel: vfs: BUG in truncate_inode_pages_range() and\n fuse client (CVE-2017-15121)\n\n - kernel: Race condition in\n drivers/md/dm.c:dm_get_from_kobject() allows local users\n to cause a denial of service (CVE-2017-18203)\n\n - kernel: a NULL pointer dereference in\n net/dccp/output.c:dccp_write_xmit() leads to a system\n crash (CVE-2018-1130)\n\n - kernel: Missing length check of payload in\n net/sctp/sm_make_chunk.c:_sctp_make_chunk() function\n allows denial of service (CVE-2018-5803)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=1444\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e78e31e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-754.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:59", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)\n\n* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)\n\n* kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: NULL pointer dereference via keyctl (CVE-2016-8650)\n\n* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)\n\n* kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001)\n\n* kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616)\n\n* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)\n\n* kernel: Double free in the inet_csk_clone_lock function in net/ipv4/ inet_connection_sock.c (CVE-2017-8890)\n\n* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075)\n\n* kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076)\n\n* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)\n\n* kernel: a NULL pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: Missing length check of payload in net/sctp/ sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Vitaly Mayatskih for reporting CVE-2017-12190; and Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.", "cvss3": {}, "published": "2018-06-22T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2018:1854) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-8650", "CVE-2017-12190", "CVE-2017-15121", "CVE-2017-18203", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8890", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2018-1130", "CVE-2018-3639", "CVE-2018-5803"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2018-1854.NASL", "href": "https://www.tenable.com/plugins/nessus/110645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1854 and \n# CentOS Errata and Security Advisory 2018:1854 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110645);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2012-6701\", \"CVE-2015-8830\", \"CVE-2016-8650\", \"CVE-2017-12190\", \"CVE-2017-15121\", \"CVE-2017-18203\", \"CVE-2017-2671\", \"CVE-2017-6001\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8890\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2018-1130\", \"CVE-2018-3639\", \"CVE-2018-5803\");\n script_xref(name:\"RHSA\", value:\"2018:1854\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2018:1854) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639, PowerPC)\n\n* kernel: net/packet: overflow in check for priv area size\n(CVE-2017-7308)\n\n* kernel: AIO interface didn't use rw_verify_area() for checking\nmandatory locking on files and size of access (CVE-2012-6701)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: NULL pointer dereference via keyctl (CVE-2016-8650)\n\n* kernel: ping socket / AF_LLC connect() sin_family race\n(CVE-2017-2671)\n\n* kernel: Race condition between multiple sys_perf_event_open() calls\n(CVE-2017-6001)\n\n* kernel: Incorrect error handling in the set_mempolicy and mbind\ncompat syscalls in mm/mempolicy.c (CVE-2017-7616)\n\n* kernel: mm subsystem does not properly enforce the\nCONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)\n\n* kernel: Double free in the inet_csk_clone_lock function in net/ipv4/\ninet_connection_sock.c (CVE-2017-8890)\n\n* kernel: net: sctp_v6_create_accept_sk function mishandles\ninheritance (CVE-2017-9075)\n\n* kernel: net: IPv6 DCCP implementation mishandles inheritance\n(CVE-2017-9076)\n\n* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance\n(CVE-2017-9077)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors\n(CVE-2017-12190)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client\n(CVE-2017-15121)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject()\nallows local users to cause a denial of service (CVE-2017-18203)\n\n* kernel: a NULL pointer dereference in\nnet/dccp/output.c:dccp_write_xmit() leads to a system crash\n(CVE-2018-1130)\n\n* kernel: Missing length check of payload in net/sctp/\nsm_make_chunk.c:_sctp_make_chunk() function allows denial of service\n(CVE-2018-5803)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting\nCVE-2018-3639; Vitaly Mayatskih for reporting CVE-2017-12190; and\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130. The\nCVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10\nTechnical Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2018-June/005268.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0af364ff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n# Temp disable\nexit(0, 'Temporarily disabled.');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-754.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-754.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:59", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)\n\n* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)\n\n* kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: NULL pointer dereference via keyctl (CVE-2016-8650)\n\n* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)\n\n* kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001)\n\n* kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616)\n\n* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)\n\n* kernel: Double free in the inet_csk_clone_lock function in net/ipv4/ inet_connection_sock.c (CVE-2017-8890)\n\n* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075)\n\n* kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076)\n\n* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)\n\n* kernel: a NULL pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: Missing length check of payload in net/sctp/ sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Vitaly Mayatskih for reporting CVE-2017-12190; and Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.", "cvss3": {}, "published": "2018-06-19T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2018:1854) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-8650", "CVE-2017-12190", "CVE-2017-15121", "CVE-2017-18203", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8890", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2018-1130", "CVE-2018-3639", "CVE-2018-5803"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1854.NASL", "href": "https://www.tenable.com/plugins/nessus/110600", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1854. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110600);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2012-6701\", \"CVE-2015-8830\", \"CVE-2016-8650\", \"CVE-2017-12190\", \"CVE-2017-15121\", \"CVE-2017-18203\", \"CVE-2017-2671\", \"CVE-2017-6001\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8890\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2018-1130\", \"CVE-2018-3639\", \"CVE-2018-5803\");\n script_xref(name:\"RHSA\", value:\"2018:1854\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:1854) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639, PowerPC)\n\n* kernel: net/packet: overflow in check for priv area size\n(CVE-2017-7308)\n\n* kernel: AIO interface didn't use rw_verify_area() for checking\nmandatory locking on files and size of access (CVE-2012-6701)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: NULL pointer dereference via keyctl (CVE-2016-8650)\n\n* kernel: ping socket / AF_LLC connect() sin_family race\n(CVE-2017-2671)\n\n* kernel: Race condition between multiple sys_perf_event_open() calls\n(CVE-2017-6001)\n\n* kernel: Incorrect error handling in the set_mempolicy and mbind\ncompat syscalls in mm/mempolicy.c (CVE-2017-7616)\n\n* kernel: mm subsystem does not properly enforce the\nCONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)\n\n* kernel: Double free in the inet_csk_clone_lock function in net/ipv4/\ninet_connection_sock.c (CVE-2017-8890)\n\n* kernel: net: sctp_v6_create_accept_sk function mishandles\ninheritance (CVE-2017-9075)\n\n* kernel: net: IPv6 DCCP implementation mishandles inheritance\n(CVE-2017-9076)\n\n* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance\n(CVE-2017-9077)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors\n(CVE-2017-12190)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client\n(CVE-2017-15121)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject()\nallows local users to cause a denial of service (CVE-2017-18203)\n\n* kernel: a NULL pointer dereference in\nnet/dccp/output.c:dccp_write_xmit() leads to a system crash\n(CVE-2018-1130)\n\n* kernel: Missing length check of payload in net/sctp/\nsm_make_chunk.c:_sctp_make_chunk() function allows denial of service\n(CVE-2018-5803)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting\nCVE-2018-3639; Vitaly Mayatskih for reporting CVE-2017-12190; and\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130. The\nCVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/ssbd\"\n );\n # https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d2572ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-18203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5803\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-6701\", \"CVE-2015-8830\", \"CVE-2016-8650\", \"CVE-2017-12190\", \"CVE-2017-15121\", \"CVE-2017-18203\", \"CVE-2017-2671\", \"CVE-2017-6001\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8890\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2018-1130\", \"CVE-2018-3639\", \"CVE-2018-5803\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:1854\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1854\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-754.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-754.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:03", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-1854 advisory.\n\n - The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. (CVE-2016-8650)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. (CVE-2017-6001)\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. (CVE-2017-8890)\n\n - The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. (CVE-2017-7308)\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9077)\n\n - The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. (CVE-2017-2671)\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. (CVE-2017-7889)\n\n - The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9076)\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9075)\n\n - The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page.\n The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. (CVE-2017-12190)\n\n - A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. (CVE-2017-15121)\n\n - The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. (CVE-2017-18203)\n\n - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (CVE-2018-3639)\n\n - Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. (CVE-2012-6701)\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-06-27T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2018-1854)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-6786", "CVE-2016-8650", "CVE-2017-12190", "CVE-2017-15121", "CVE-2017-18203", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8890", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2018-1130", "CVE-2018-3639", "CVE-2018-5803"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2018-1854.NASL", "href": "https://www.tenable.com/plugins/nessus/110701", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-1854.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110701);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2012-6701\",\n \"CVE-2015-8830\",\n \"CVE-2016-8650\",\n \"CVE-2017-2671\",\n \"CVE-2017-6001\",\n \"CVE-2017-7308\",\n \"CVE-2017-7616\",\n \"CVE-2017-7889\",\n \"CVE-2017-8890\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\",\n \"CVE-2017-12190\",\n \"CVE-2017-15121\",\n \"CVE-2017-18203\",\n \"CVE-2018-1130\",\n \"CVE-2018-3639\",\n \"CVE-2018-5803\"\n );\n script_xref(name:\"RHSA\", value:\"2018:1854\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2018-1854)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2018-1854 advisory.\n\n - The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory\n is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption\n and panic) via an add_key system call for an RSA key with a zero exponent. (CVE-2016-8650)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain\n privileges via a crafted application that makes concurrent perf_event_open system calls for moving a\n software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for\n CVE-2016-6786. (CVE-2017-6001)\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15\n allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by\n leveraging use of the accept system call. (CVE-2017-8890)\n\n - The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not\n properly validate certain block-size data, which allows local users to cause a denial of service (integer\n signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via\n crafted system calls. (CVE-2017-7308)\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles\n inheritance, which allows local users to cause a denial of service or possibly have unspecified other\n impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9077)\n\n - The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a\n certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local\n users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a\n socket system call. (CVE-2017-2671)\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux\n kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM\n protection mechanism, which allows local users to read or write to kernel memory locations in the first\n megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file,\n related to arch/x86/mm/init.c and drivers/char/mem.c. (CVE-2017-7889)\n\n - The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles\n inheritance, which allows local users to cause a denial of service or possibly have unspecified other\n impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9076)\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles\n inheritance, which allows local users to cause a denial of service or possibly have unspecified other\n impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9075)\n\n - The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do\n unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page.\n The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a\n memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk\n is passed through to a virtual machine) due to an out-of-memory condition. (CVE-2017-12190)\n\n - A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an\n application punches a hole in a file that does not end aligned to a page boundary. (CVE-2017-15121)\n\n - The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to\n cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and\n removal of DM devices. (CVE-2017-18203)\n\n - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads\n before the addresses of all prior memory writes are known may allow unauthorized disclosure of information\n to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB),\n Variant 4. (CVE-2018-3639)\n\n - Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of\n service or possibly have unspecified other impact via a large AIO iovec. (CVE-2012-6701)\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local\n users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be\n exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of\n certain crafted system calls. (CVE-2018-1130)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-1854.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6001\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-754.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-1854');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-754.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-754.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-754.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-754.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-754.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:47", "description": "According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - The do_get_mempolicy() function in 'mm/mempolicy.c' in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.\n\n - It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.\n NOTE: this vulnerability exists because of a CVE-2012-6701 regression.\n\n - A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key.\n\n - A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.\n\n - It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.\n\n - Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.\n\n - The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.\n\n - It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n\n - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.\n\n - An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS.\n\n - Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-26T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-6786", "CVE-2016-8650", "CVE-2017-12190", "CVE-2017-18203", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7616", "CVE-2017-7889", "CVE-2018-10675", "CVE-2018-5803", "CVE-2018-7757"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2018-041.NASL", "href": "https://www.tenable.com/plugins/nessus/110694", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110694);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2012-6701\",\n \"CVE-2015-8830\",\n \"CVE-2016-8650\",\n \"CVE-2017-12190\",\n \"CVE-2017-18203\",\n \"CVE-2017-2671\",\n \"CVE-2017-6001\",\n \"CVE-2017-7616\",\n \"CVE-2017-7889\",\n \"CVE-2018-10675\",\n \"CVE-2018-5803\",\n \"CVE-2018-7757\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-041)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - The do_get_mempolicy() function in 'mm/mempolicy.c' in\n the Linux kernel allows local users to hit a\n use-after-free bug via crafted system calls and thus\n cause a denial of service (DoS) or possibly have\n unspecified other impact. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out.\n\n - It was found that AIO interface didn't use the proper\n rw_verify_area() helper function with extended\n functionality, for example, mandatory locking on the\n file. Also rw_verify_area() makes extended checks, for\n example, that the size of the access doesn't cause\n overflow of the provided offset limits. This integer\n overflow in fs/aio.c in the Linux kernel before 3.4.1\n allows local users to cause a denial of service or\n possibly have unspecified other impact via a large AIO\n iovec.\n\n - Integer overflow in the aio_setup_single_vector\n function in fs/aio.c in the Linux kernel 4.0 allows\n local users to cause a denial of service or possibly\n have unspecified other impact via a large AIO iovec.\n NOTE: this vulnerability exists because of a\n CVE-2012-6701 regression.\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key.\n\n - A race condition leading to a NULL pointer dereference\n was found in the Linux kernel's Link Layer Control\n implementation. A local attacker with access to ping\n sockets could use this flaw to crash the system.\n\n - It was found that the original fix for CVE-2016-6786\n was incomplete. There exist a race between two\n concurrent sys_perf_event_open() calls when both try\n and move the same pre-existing software group into a\n hardware context.\n\n - Incorrect error handling in the set_mempolicy() and\n mbind() compat syscalls in 'mm/mempolicy.c' in the\n Linux kernel allows local users to obtain sensitive\n information from uninitialized stack data by triggering\n failure of a certain bitmap operation.\n\n - The mm subsystem in the Linux kernel through 4.10.10\n does not properly enforce the CONFIG_STRICT_DEVMEM\n protection mechanism, which allows local users to read\n or write to kernel memory locations in the first\n megabyte (and bypass slab-allocation access\n restrictions) via an application that opens the\n /dev/mem file, related to arch/x86/mm/init.c and\n drivers/char/mem.c.\n\n - It was found that in the Linux kernel through\n v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in\n 'block/bio.c' do unbalanced pages refcounting if IO\n vector has small consecutive buffers belonging to the\n same page. bio_add_pc_page() merges them into one, but\n the page reference is never dropped, causing a memory\n leak and possible system lockup due to out-of-memory\n condition.\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with\n CAP_SYS_ADMIN capability) can directly perform the\n ioctl operations for dm device creation and removal and\n this would typically be outside the direct control of\n the unprivileged attacker.\n\n - An error in the '_sctp_make_chunk()' function\n (net/sctp/sm_make_chunk.c) when handling SCTP, packet\n length can be exploited by a malicious local user to\n cause a kernel crash and a DoS.\n\n - Memory leak in the sas_smp_get_phy_events function in\n drivers/scsi/libsas/sas_expander.c in the Linux kernel\n allows local users to cause a denial of service (kernel\n memory exhaustion) via multiple read accesses to files\n in the /sys/class/sas_phy directory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2945474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:1854\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3709\",\n \"vzkernel-2.6.32-042stab131.1\",\n \"vzkernel-devel-2.6.32-042stab131.1\",\n \"vzkernel-firmware-2.6.32-042stab131.1\",\n \"vzmodules-2.6.32-042stab131.1\",\n \"vzmodules-devel-2.6.32-042stab131.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:42", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-8890)\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-9075)\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9076)\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-9077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0098)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0098_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/127323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0098. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127323);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0098)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely. (CVE-2017-8890)\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandles inheritance, which allows\n local users to cause a denial of service or possibly\n have unspecified other impact via crafted system calls,\n a related issue to CVE-2017-8890. An unprivileged local\n user could use this flaw to induce kernel memory\n corruption on the system, leading to a crash. Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although we believe it is unlikely.\n (CVE-2017-9075)\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely. (CVE-2017-9076)\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandles inheritance, which allows\n local users to cause a denial of service or possibly\n have unspecified other impact via crafted system calls,\n a related issue to CVE-2017-8890. An unprivileged local\n user could use this flaw to induce kernel memory\n corruption on the system, leading to a crash. Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although we believe it is unlikely.\n (CVE-2017-9077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0098\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"kernel-2.6.32-642.13.1.el6.cgsl7399\",\n \"kernel-abi-whitelists-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-debug-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-debug-devel-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-devel-2.6.32-642.13.1.el6.cgsl7399\",\n \"kernel-doc-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-firmware-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-headers-2.6.32-642.13.1.el6.cgsl7399\",\n \"perf-2.6.32-642.13.1.el6.cgsl7259\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:01", "description": "Rebase to 4.11.3\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-01T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2017-6f06be3fe9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-6F06BE3FE9.NASL", "href": "https://www.tenable.com/plugins/nessus/100563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-6f06be3fe9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100563);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n script_xref(name:\"FEDORA\", value:\"2017-6f06be3fe9\");\n\n script_name(english:\"Fedora 25 : kernel (2017-6f06be3fe9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to 4.11.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f06be3fe9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-6f06be3fe9\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.11.3-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:02", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-05T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-045.NASL", "href": "https://www.tenable.com/plugins/nessus/100601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100601);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-045)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2816867\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-21.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a0bddd6\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-21.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:12", "description": "The 4.11.4 update contains a number of important fixes across the tree\n\n----\n\nThis is a rebase to the 4.11 series of kernels. It includes all fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-15T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2017-6554692044)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-6554692044.NASL", "href": "https://www.tenable.com/plugins/nessus/100798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-6554692044.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100798);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n script_xref(name:\"FEDORA\", value:\"2017-6554692044\");\n\n script_name(english:\"Fedora 24 : kernel (2017-6554692044)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.11.4 update contains a number of important fixes across the tree\n\n----\n\nThis is a rebase to the 4.11 series of kernels. It includes all fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-6554692044\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-6554692044\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.11.4-100.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:03", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-05T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-044)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-044.NASL", "href": "https://www.tenable.com/plugins/nessus/100600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100600);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-044)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2816866\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-20.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e718308f\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-20.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:42", "description": "According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - Improved isolation for neighbor table settings. (The fix added to the 042stab120.19 kernel was incomplete.)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2017-047.NASL", "href": "https://www.tenable.com/plugins/nessus/100769", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100769);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-047)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\n - Improved isolation for neighbor table settings. (The\n fix added to the 042stab120.19 kernel was incomplete.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2822597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3677\",\n \"vzkernel-2.6.32-042stab123.4\",\n \"vzkernel-devel-2.6.32-042stab123.4\",\n \"vzkernel-firmware-2.6.32-042stab123.4\",\n \"vzmodules-2.6.32-042stab123.4\",\n \"vzmodules-devel-2.6.32-042stab123.4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:59", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-05T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8646", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-043.NASL", "href": "https://www.tenable.com/plugins/nessus/100599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100599);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-8646\",\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-043)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\n - A vulnerability was found in the Linux kernel. An\n unprivileged local user could trigger oops in\n shash_async_export() by attempting to force the\n in-kernel hashing algorithms into decrypting an empty\n data set.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2816865\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-20.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e35a0d51\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.18.7\",\n \"patch\",\"readykernel-patch-18.7-20.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:15", "description": "The 4.10.17 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-30T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2017-85744f8aa9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-85744F8AA9.NASL", "href": "https://www.tenable.com/plugins/nessus/100491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-85744f8aa9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100491);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n script_xref(name:\"FEDORA\", value:\"2017-85744f8aa9\");\n\n script_name(english:\"Fedora 24 : kernel (2017-85744f8aa9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.10.17 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-85744f8aa9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-85744f8aa9\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.10.17-100.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:38:28", "description": "The 4.10.17 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2017-273b67d5ee)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-273B67D5EE.NASL", "href": "https://www.tenable.com/plugins/nessus/100435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-273b67d5ee.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100435);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n script_xref(name:\"FEDORA\", value:\"2017-273b67d5ee\");\n\n script_name(english:\"Fedora 25 : kernel (2017-273b67d5ee)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.10.17 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-273b67d5ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-273b67d5ee\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.10.17-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:29", "description": "Module reference leak due to improper shut down of callback channel on umount :\n\nThe NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a 'module reference and kernel daemon' leak.\n(CVE-2017-9059)\n\nIncorrect overwrite check in __ip6_append_data() :\n\nThe __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.\n(CVE-2017-9242)\n\nDouble free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c :\n\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.\nDue to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-8890)\n\nnet: tcp_v6_syn_recv_sock function mishandles inheritance :\n\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9077)\n\nnet: IPv6 DCCP implementation mishandles inheritance\n\nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9076)\n\nnet: sctp_v6_create_accept_sk function mishandles inheritance :\n\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075)\n\nnet: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option :\n\nThe IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074)", "cvss3": {}, "published": "2017-06-23T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-846)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-846.NASL", "href": "https://www.tenable.com/plugins/nessus/100999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-846.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100999);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"ALAS\", value:\"2017-846\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-846)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Module reference leak due to improper shut down of callback channel on\numount :\n\nThe NFSv4 implementation in the Linux kernel through 4.11.1 allows\nlocal users to cause a denial of service (resource consumption) by\nleveraging improper channel callback shutdown when unmounting an NFSv4\nfilesystem, aka a 'module reference and kernel daemon' leak.\n(CVE-2017-9059)\n\nIncorrect overwrite check in __ip6_append_data() :\n\nThe __ip6_append_data function in net/ipv6/ip6_output.c in the Linux\nkernel through 4.11.3 is too late in checking whether an overwrite of\nan skb data structure may occur, which allows local users to cause a\ndenial of service (system crash) via crafted system calls.\n(CVE-2017-9242)\n\nDouble free in the inet_csk_clone_lock function in\nnet/ipv4/inet_connection_sock.c :\n\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in\nthe Linux kernel allows attackers to cause a denial of service (double\nfree) or possibly have unspecified other impact by leveraging use of\nthe accept system call. An unprivileged local user could use this flaw\nto induce kernel memory corruption on the system, leading to a crash.\nDue to the nature of the flaw, privilege escalation cannot be fully\nruled out, although we believe it is unlikely. (CVE-2017-8890)\n\nnet: tcp_v6_syn_recv_sock function mishandles inheritance :\n\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux\nkernel mishandles inheritance, which allows local users to cause a\ndenial of service or possibly have unspecified other impact via\ncrafted system calls, a related issue to CVE-2017-8890 . An\nunprivileged local user could use this flaw to induce kernel memory\ncorruption on the system, leading to a crash. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely. (CVE-2017-9077)\n\nnet: IPv6 DCCP implementation mishandles inheritance\n\nThe IPv6 DCCP implementation in the Linux kernel mishandles\ninheritance, which allows local users to cause a denial of service or\npossibly have unspecified other impact via crafted system calls, a\nrelated issue to CVE-2017-8890 . An unprivileged local user could use\nthis flaw to induce kernel memory corruption on the system, leading to\na crash. Due to the nature of the flaw, privilege escalation cannot be\nfully ruled out, although we believe it is unlikely. (CVE-2017-9076)\n\nnet: sctp_v6_create_accept_sk function mishandles inheritance :\n\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux\nkernel mishandles inheritance, which allows local users to cause a\ndenial of service or possibly have unspecified other impact via\ncrafted system calls, a related issue to CVE-2017-8890 . An\nunprivileged local user could use this flaw to induce kernel memory\ncorruption on the system, leading to a crash. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely.(CVE-2017-9075)\n\nnet: IPv6 fragmentation implementation of nexthdr field may be\nassociated with an invalid option :\n\nThe IPv6 fragmentation implementation in the Linux kernel does not\nconsider that the nexthdr field may be associated with an invalid\noption, which allows local users to cause a denial of service\n(out-of-bounds read and BUG) or possibly have unspecified other impact\nvia crafted socket and send system calls. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely. (CVE-2017-9074)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-846.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.32-15.41.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:25", "description": "The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.\n(CVE-2017-9076)\n\nImpact\n\nThis vulnerability allows an unprivileged local user to cause a denial of service (DoS) or disruption of service through crafted system calls.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K02613439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9076"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL02613439.NASL", "href": "https://www.tenable.com/plugins/nessus/118618", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K02613439.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118618);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9076\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K02613439)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux\nkernel through 4.11.1 mishandles inheritance, which allows local users\nto cause a denial of service or possibly have unspecified other impact\nvia crafted system calls, a related issue to CVE-2017-8890.\n(CVE-2017-9076)\n\nImpact\n\nThis vulnerability allows an unprivileged local user to cause a denial\nof service (DoS) or disruption of service through crafted system\ncalls.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K02613439\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K02613439.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9076\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K02613439\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:34", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143545] (CVE-2017-7308)\n\n - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143545] (CVE-2017-7308)\n\n - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26143545] (CVE-2017-7308)\n\n - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26132091] (CVE-2017-8890)", "cvss3": {}, "published": "2017-06-02T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0111)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7308", "CVE-2017-8890"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0111.NASL", "href": "https://www.tenable.com/plugins/nessus/100585", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0111.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100585);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7308\", \"CVE-2017-8890\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0111)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - net/packet: fix overflow in check for tp_reserve (Andrey\n Konovalov) [Orabug: 26143545] (CVE-2017-7308)\n\n - net/packet: fix overflow in check for tp_frame_nr\n (Andrey Konovalov) [Orabug: 26143545] (CVE-2017-7308)\n\n - net/packet: fix overflow in check for priv area size\n (Andrey Konovalov) [Orabug: 26143545] (CVE-2017-7308)\n\n - dccp/tcp: do not inherit mc_list from parent (Eric\n Dumazet) [Orabug: 26132091] (CVE-2017-8890)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2017-June/000737.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-94.3.6.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-94.3.6.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:21", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143552] (CVE-2017-7308)\n\n - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143552] (CVE-2017-7308)\n\n - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26143552] (CVE-2017-7308)\n\n - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108571] (CVE-2017-8890)", "cvss3": {}, "published": "2017-06-02T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0112)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7308", "CVE-2017-8890"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0112.NASL", "href": "https://www.tenable.com/plugins/nessus/100586", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0112.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100586);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7308\", \"CVE-2017-8890\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0112)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - net/packet: fix overflow in check for tp_reserve (Andrey\n Konovalov) [Orabug: 26143552] (CVE-2017-7308)\n\n - net/packet: fix overflow in check for tp_frame_nr\n (Andrey Konovalov) [Orabug: 26143552] (CVE-2017-7308)\n\n - net/packet: fix overflow in check for priv area size\n (Andrey Konovalov) [Orabug: 26143552] (CVE-2017-7308)\n\n - dccp/tcp: do not inherit mc_list from parent (Eric\n Dumazet) [Orabug: 26108571] (CVE-2017-8890)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2017-June/000738.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.18.4.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.18.4.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:25", "description": "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.\n(CVE-2017-9075)\n\nImpact\n\nThis vulnerability allows malicious users to cause a denial of service (DoS) on the F5 product.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K02236463)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9075"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL02236463.NASL", "href": "https://www.tenable.com/plugins/nessus/118617", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K02236463.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118617);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9075\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K02236463)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux\nkernel through 4.11.1 mishandles inheritance, which allows local users\nto cause a denial of service or possibly have unspecified other impact\nvia crafted system calls, a related issue to CVE-2017-8890.\n(CVE-2017-9075)\n\nImpact\n\nThis vulnerability allows malicious users to cause a denial of service\n(DoS) on the F5 product.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K02236463\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K02236463.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9075\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K02236463\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:17:00", "description": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.\n(CVE-2017-9077)\n\nImpact\n\nThis vulnerability allows a disruption of service and possibly an unauthorized disclosure of information.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K61429540)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9077"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL61429540.NASL", "href": "https://www.tenable.com/plugins/nessus/118685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K61429540.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118685);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9077\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K61429540)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux\nkernel through 4.11.1 mishandles inheritance, which allows local users\nto cause a denial of service or possibly have unspecified other impact\nvia crafted system calls, a related issue to CVE-2017-8890.\n(CVE-2017-9077)\n\nImpact\n\nThis vulnerability allows a disruption of service and possibly an\nunauthorized disclosure of information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K61429540\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K61429540.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9077\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K61429540\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.2.1-11.6.3\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.4.1\",\"11.6.4\",\"11.5.9\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:36", "description": "An update of [linux] packages for PhotonOS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0019 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9242"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0019.NASL", "href": "https://www.tenable.com/plugins/nessus/111868", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0019. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111868);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9242\"\n );\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0019 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [linux] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-48\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4b1f184\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8890\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.71-1.ph1\",\n \"linux-api-headers-4.4.71-1.ph1\",\n \"linux-debuginfo-4.4.71-1.ph1\",\n \"linux-dev-4.4.71-1.ph1\",\n \"linux-docs-4.4.71-1.ph1\",\n \"linux-drivers-gpu-4.4.71-1.ph1\",\n \"linux-esx-4.4.71-1.ph1\",\n \"linux-esx-debuginfo-4.4.71-1.ph1\",\n \"linux-esx-devel-4.4.71-1.ph1\",\n \"linux-esx-docs-4.4.71-1.ph1\",\n \"linux-oprofile-4.4.71-1.ph1\",\n \"linux-sound-4.4.71-1.ph1\",\n \"linux-tools-4.4.71-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:02", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0019", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9242"], "modified": "2019-03-08T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0019_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0019. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121698);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/03/08\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9242\"\n );\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0019\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-48.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8890\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.71-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:02", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - The NFS2/3 RPC client could send long arguments to nfsd server. These encoded arguments are stored in an array of memory pages, and accessed via various pointer variables. Arbitrarily long arguments could make these pointers point outside the array, thus causing out-of-bounds memory access. A remote user/program could use this flaw to crash the kernel resulting in DoS.\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly have unspecified other impact via crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.\n\n - If the sctp module was loaded on the host, a privileged user inside a container could cause a kernel crash by triggering a NULL pointer dererefence in the sctp_endpoint_destroy() function with a specially crafted sequence of system calls.\n\n - A privileged user inside a container could cause a kernel crash by triggering a BUG_ON in the unregister_netdevice_many() function with a specially crafted sequence of system calls.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-05T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-042)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8646", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-042.NASL", "href": "https://www.tenable.com/plugins/nessus/100598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100598);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-8646\",\n \"CVE-2017-7645\",\n \"CVE-2017-7895\",\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-042)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The NFS2/3 RPC client could send long arguments to nfsd\n server. These encoded arguments are stored in an array\n of memory pages, and accessed via various pointer\n variables. Arbitrarily long arguments could make these\n pointers point outside the array, thus causing\n out-of-bounds memory access. A remote user/program\n could use this flaw to crash the kernel resulting in\n DoS.\n\n - The NFSv2 and NFSv3 server implementations in the Linux\n kernel through 4.10.13 lack certain checks for the end\n of a buffer. A remote attacker could trigger a\n pointer-arithmetic error or possibly have unspecified\n other impact via crafted requests related to\n fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\n - A vulnerability was found in the Linux kernel. An\n unprivileged local user could trigger oops in\n shash_async_export() by attempting to force the\n in-kernel hashing algorithms into decrypting an empty\n data set.\n\n - If the sctp module was loaded on the host, a privileged\n user inside a container could cause a kernel crash by\n triggering a NULL pointer dererefence in the\n sctp_endpoint_destroy() function with a specially\n crafted sequence of system calls.\n\n - A privileged user inside a container could cause a\n kernel crash by triggering a BUG_ON in the\n unregister_netdevice_many() function with a specially\n crafted sequence of system calls.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2816864\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-22.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddef2bc0\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.18.2.vz7.15.2\",\n \"patch\",\"readykernel-patch-15.2-22.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:07", "description": "USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3344-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101155", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3344-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101155);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3344-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3344-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3344-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-generic\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-generic-lpae\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-lowlatency\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:20", "description": "USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3345-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101156", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3345-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101156);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3345-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3324-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3345-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3345-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1010-raspi2\", pkgver:\"4.10.0-1010.13\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-generic\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-generic-lpae\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-lowlatency\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1010.12\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:23", "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.70 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544).\n\n - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls (bnc#1040279).\n\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670)\n\nThe following non-security bugs were fixed :\n\n - 9p: fix a potential acl leak (4.4.68 stable queue).\n\n - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal (bsc#1031717).\n\n - acpi / scan: Drop support for force_remove (bnc#1029607).\n\n - ahci: disable correct irq for dummy ports (bsc#1040125).\n\n - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68 stable queue).\n\n - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode (4.4.68 stable queue).\n\n - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable queue).\n\n - asoc: rt5640: use msleep() for long delays (bsc#1031717).\n\n - asoc: sti: Fix error handling if of_clk_get() fails (bsc#1031717).\n\n - blacklist 61e8a0d5a027 powerpc/pci: Fix endian bug in fixed PHB numbering (bsc#989311)\n\n - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue).\n\n - bna: avoid writing uninitialized data into hw registers (bsc#966321 FATE#320156).\n\n - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412 FATE#321671).\n\n - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable queue).\n\n - brcmfmac: Ensure pointer correctly set if skb data location changes (4.4.68 stable queue).\n\n - brcmfmac: Make skb header writable before use (4.4.68 stable queue).\n\n - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717).\n\n - btrfs: add a flags field to btrfs_fs_info (bsc#1012452).\n\n - btrfs: add ASSERT for block group's memory leak (bsc#1012452).\n\n - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452).\n\n - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452).\n\n - btrfs: add check to sysfs handler of label (bsc#1012452).\n\n - btrfs: add dynamic debug support (bsc#1012452).\n\n - btrfs: add error handling for extent buffer in print tree (bsc#1012452).\n\n - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452).\n\n - btrfs: add missing check for writeback errors on fsync (bsc#1012452).\n\n - btrfs: add more validation checks for superblock (bsc#1012452).\n\n - btrfs: Add ratelimit to btrfs printing (bsc#1012452).\n\n - btrfs: add read-only check to sysfs handler of features (bsc#1012452).\n\n - btrfs: add semaphore to synchronize direct IO writes with fsync (bsc#1012452).\n\n - btrfs: add tracepoint for adding block groups (bsc#1012452).\n\n - btrfs: add tracepoints for flush events (bsc#1012452).\n\n - btrfs: add validadtion checks for chunk loading (bsc#1012452).\n\n - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452).\n\n - btrfs: allow balancing to dup with multi-device (bsc#1012452).\n\n - btrfs: always reserve metadata for delalloc extents (bsc#1012452).\n\n - btrfs: always use trans->block_rsv for orphans (bsc#1012452).\n\n - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452).\n\n - btrfs: avoid deadlocks during reservations in btrfs_truncate_block (bsc#1012452).\n\n - btrfs: avoid overflowing f_bfree (bsc#1012452).\n\n - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452).\n\n - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing delalloc space (bsc#1012452).\n\n - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452).\n\n - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined (bsc#1012452).\n\n - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction (bsc#1012452).\n\n - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452).\n\n - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup() (bsc#1012452).\n\n - btrfs: change delayed reservation fallback behavior (bsc#1012452).\n\n - btrfs: change how we calculate the global block rsv (bsc#1012452).\n\n - btrfs: check btree node's nritems (bsc#1012452).\n\n - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452).\n\n - btrfs: check inconsistence between chunk and block group (bsc#1012452).\n\n - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452).\n\n - btrfs: clean the old superblocks before freeing the device (bsc#1012452).\n\n - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452).\n\n - btrfs: cleanup assigning next active device with a check (bsc#1012452).\n\n - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452).\n\n - btrfs: Cleanup compress_file_range() (bsc#1012452).\n\n - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452).\n\n - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452).\n\n - btrfs: clone: use vmalloc only as fallback for nodesize bufer (bsc#1012452).\n\n - btrfs: convert nodesize macros to static inlines (bsc#1012452).\n\n - btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452).\n\n - btrfs: convert pr_* to btrfs_* where possible (bsc#1012452).\n\n - btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452).\n\n - btrfs: copy_to_sk drop unused root parameter (bsc#1012452).\n\n - btrfs: create a helper function to read the disk super (bsc#1012452).\n\n - btrfs: create example debugfs file only in debugging build (bsc#1012452).\n\n - btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452).\n\n - btrfs: create helper function __check_raid_min_devices() (bsc#1012452).\n\n - btrfs: detect corruption when non-root leaf has zero item (bsc#1012452).\n\n - btrfs: divide btrfs_update_reserved_bytes() into two functions (bsc#1012452).\n\n - btrfs: do not background blkdev_put() (bsc#1012452).\n\n - btrfs: do not bother kicking async if there's nothing to reclaim (bsc#1012452).\n\n - btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452).\n\n - btrfs: do not create empty block group if we have allocated data (bsc#1012452).\n\n - btrfs: do not decrease bytes_may_use when replaying extents (bsc#1012452).\n\n - btrfs: do not do nocow check unless we have to (bsc#1012452).\n\n - btrfs: do not do unnecessary delalloc flushes when relocating (bsc#1012452).\n\n - btrfs: do not force mounts to wait for cleaner_kthread to delete one or more subvolumes (bsc#1012452).\n\n - btrfs: do not wait for unrelated IO to finish before relocation (bsc#1012452).\n\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1035866).\n\n - btrfs: end transaction if we abort when creating uuid root (bsc#1012452).\n\n - btrfs: enhance btrfs_find_device_by_user_input() to check device path (bsc#1012452).\n\n - btrfs: error out if generic_bin_search get invalid arguments (bsc#1012452).\n\n - btrfs: expand cow_file_range() to support in-band dedup and subpage-blocksize (bsc#1012452).\n\n - btrfs: extend btrfs_set_extent_delalloc and its friends to support in-band dedupe and subpage size patchset (bsc#1012452).\n\n - btrfs: fill relocation block rsv after allocation (bsc#1012452).\n\n - btrfs: fix an integer overflow check (bsc#1012452).\n\n - btrfs: fix a possible umount deadlock (bsc#1012452).\n\n - btrfs: fix btrfs_no_printk stub helper (bsc#1012452).\n\n - btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452).\n\n - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452).\n\n - btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452).\n\n - btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452).\n\n - btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452).\n\n - btrfs: fix check_shared for fiemap ioctl (bsc#1037177).\n\n - btrfs: fix crash when tracepoint arguments are freed by wq callbacks (bsc#1012452).\n\n - btrfs: fix data loss after truncate when using the no-holes feature (bsc#1036214).\n\n - btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452).\n\n - btrfs: fix delalloc reservation amount tracepoint (bsc#1012452).\n\n - btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452).\n\n - btrfs: fix divide error upon chunk's stripe_len (bsc#1012452).\n\n - btrfs: fix double free of fs root (bsc#1012452).\n\n - btrfs: fix eb memory leak due to readpage failure (bsc#1012452).\n\n - btrfs: fix em leak in find_first_block_group (bsc#1012452).\n\n - btrfs: fix emptiness check for dirtied extent buffers at check_leaf() (bsc#1012452).\n\n - btrfs: fix error handling in map_private_extent_buffer (bsc#1012452).\n\n - btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452).\n\n - btrfs: fix free space calculation in dump_space_info() (bsc#1012452).\n\n - btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452).\n\n - btrfs: fix fspath error deallocation (bsc#1012452).\n\n - btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452).\n\n - btrfs: Fix integer overflow when calculating bytes_per_bitmap (bsc#1012452).\n\n - btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395).\n\n - btrfs: fix lock dep warning, move scratch dev out of device_list_mutex and uuid_mutex (bsc#1012452).\n\n - btrfs: fix lock dep warning move scratch super outside of chunk_mutex (bsc#1012452).\n\n - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452).\n\n - btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452).\n\n - btrfs: fix memory leak of block group cache (bsc#1012452).\n\n - btrfs: fix memory leak of reloc_root (bsc#1012452).\n\n - btrfs: fix mixed block count of available space (bsc#1012452).\n\n - btrfs: fix one bug that process may endlessly wait for ticket in wait_reserve_ticket() (bsc#1012452).\n\n - btrfs: fix panic in balance due to EIO (bsc#1012452).\n\n - btrfs: fix race between block group relocation and nocow writes (bsc#1012452).\n\n - btrfs: fix race between device replace and block group removal (bsc#1012452).\n\n - btrfs: fix race between device replace and chunk allocation (bsc#1012452).\n\n - btrfs: fix race between device replace and discard (bsc#1012452).\n\n - btrfs: fix race between device replace and read repair (bsc#1012452).\n\n - btrfs: fix race between fsync and direct IO writes for prealloc extents (bsc#1012452).\n\n - btrfs: fix race between readahead and device replace/removal (bsc#1012452).\n\n - btrfs: fix race setting block group back to RW mode during device replace (bsc#1012452).\n\n - btrfs: fix race setting block group readonly during device replace (bsc#1012452).\n\n - btrfs: fix read_node_slot to return errors (bsc#1012452).\n\n - btrfs: fix release reserved extents trace points (bsc#1012452).\n\n - btrfs: fix segmentation fault when doing dio read (bsc#1040425).\n\n - btrfs: Fix slab accounting flags (bsc#1012452).\n\n - btrfs: fix unexpected return value of fiemap (bsc#1012452).\n\n - btrfs: fix unprotected assignment of the left cursor for device replace (bsc#1012452).\n\n - btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452).\n\n - btrfs: flush_space: treat return value of do_chunk_alloc properly (bsc#1012452).\n\n - btrfs: Force stripesize to the value of sectorsize (bsc#1012452).\n\n - btrfs: free sys_array eb as soon as possible (bsc#1012452).\n\n - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452).\n\n - btrfs: Handle uninitialised inode eviction (bsc#1012452).\n\n - btrfs: hide test-only member under ifdef (bsc#1012452).\n\n - btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452).\n\n - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452).\n\n - btrfs: introduce device delete by devid (bsc#1012452).\n\n - btrfs: introduce raid-type to error-code table, for minimum device constraint (bsc#1012452).\n\n - btrfs: introduce ticketed enospc infrastructure (bsc#1012452).\n\n - btrfs: introduce tickets_id to determine whether asynchronous metadata reclaim work makes progress (bsc#1012452).\n\n - btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452).\n\n - btrfs: kill BUG_ON in do_relocation (bsc#1012452).\n\n - btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452).\n\n - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452).\n\n - btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452).\n\n - btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452).\n\n - btrfs: kill unused writepage_io_hook callback (bsc#1012452).\n\n - btrfs: make find_workspace always succeed (bsc#1012452).\n\n - btrfs: make find_workspace warn if there are no workspaces (bsc#1012452).\n\n - btrfs: make mapping->writeback_index point to the last written page (bsc#1012452).\n\n - btrfs: make state preallocation more speculative in\n __set_extent_bit (bsc#1012452).\n\n - btrfs: make sure device is synced before return (bsc#1012452).\n\n - btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452).\n\n - btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device() (bsc#1012452).\n\n - btrfs: memset to avoid stale content in btree leaf (bsc#1012452).\n\n - btrfs: memset to avoid stale content in btree node block (bsc#1012452).\n\n - btrfs: move error handling code together in ctree.h (bsc#1012452).\n\n - btrfs: optimize check for stale device (bsc#1012452).\n\n - btrfs: parent_start initialization cleanup (bsc#1012452).\n\n - btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452).\n\n - btrfs: pass number of devices to btrfs_check_raid_min_devices (bsc#1012452).\n\n - btrfs: pass the right error code to the btrfs_std_error (bsc#1012452).\n\n - btrfs: preallocate compression workspaces (bsc#1012452).\n\n - btrfs: Ratelimit 'no csum found' info message (bsc#1012452).\n\n - btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452).\n\n - btrfs: Refactor btrfs_lock_cluster() to kill compiler warning (bsc#1012452).\n\n - btrfs: remove BUG() in raid56 (bsc#1012452).\n\n - btrfs: remove BUG_ON in start_transaction (bsc#1012452).\n\n - btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452).\n\n - btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452).\n\n - btrfs: remove save_error_info() (bsc#1012452).\n\n - btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf (bsc#1012452).\n\n - btrfs: remove unused function btrfs_assert() (bsc#1012452).\n\n - btrfs: rename and document compression workspace members (bsc#1012452).\n\n - btrfs: rename btrfs_find_device_by_user_input (bsc#1012452).\n\n - btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452).\n\n - btrfs: rename __check_raid_min_devices (bsc#1012452).\n\n - btrfs: rename flags for vol args v2 (bsc#1012452).\n\n - btrfs: reorg btrfs_close_one_device() (bsc#1012452).\n\n - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452).\n\n - btrfs: reuse existing variable in scrub_stripe, reduce stack usage (bsc#1012452).\n\n - btrfs: s_bdev is not null after missing replace (bsc#1012452).\n\n - btrfs: scrub: Set bbio to NULL before calling btrfs_map_block (bsc#1012452).\n\n - btrfs: send: silence an integer overflow warning (bsc#1012452).\n\n - btrfs: send: use temporary variable to store allocation size (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for clone_sources_tmp (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452).\n\n - btrfs: Simplify conditions about compress while mapping btrfs flags to inode flags (bsc#1012452).\n\n - btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452).\n\n - btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452).\n\n - btrfs: sink gfp parameter to clear_record_extent_bits (bsc#1012452).\n\n - btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_bits (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_new (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452).\n\n - btrfs: skip commit transaction if we do not have enough pinned bytes (bsc#1037186).\n\n - btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452).\n\n - btrfs: switch to common message helpers in open_ctree, adjust messages (bsc#1012452).\n\n - btrfs: sysfs: protect reading label by lock (bsc#1012452).\n\n - btrfs: trace pinned extents (bsc#1012452).\n\n - btrfs: track transid for delayed ref flushing (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move struct btrfs_ioctl_defrag_range_args (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs_tree.h migration, item types and defines (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452).\n\n - btrfs: unsplit printed strings (bsc#1012452).\n\n - btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452).\n\n - btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452).\n\n - btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452).\n\n - btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452).\n\n - btrfs: Use correct format specifier (bsc#1012452).\n\n - btrfs: use correct offset for reloc_inode in prealloc_file_extent_cluster() (bsc#1012452).\n\n - btrfs: use dynamic allocation for root item in create_subvol (bsc#1012452).\n\n - btrfs: use existing device constraints table btrfs_raid_array (bsc#1012452).\n\n - btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes (bsc#1012452).\n\n - btrfs: use fs_info directly (bsc#1012452).\n\n - btrfs: use new error message helper in qgroup_account_snapshot (bsc#1012452).\n\n - btrfs: use root when checking need_async_flush (bsc#1012452).\n\n - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452).\n\n - btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452).\n\n - btrfs: warn_on for unaccounted spaces (bsc#1012452).\n\n - ceph: check i_nlink while converting a file handle to dentry (bsc#1039864).\n\n - ceph: Check that the new inode size is within limits in ceph_fallocate() (bsc#1037969).\n\n - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).\n\n - ceph: fix file open flags on ppc64 (bsc#1022266).\n\n - ceph: fix memory leak in __ceph_setxattr() (bsc#1036763).\n\n - cifs: backport prepath matching fix (bsc#799133).\n\n - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue).\n\n - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores (4.4.68 stable queue).\n\n - crypto: algif_aead - Require setkey before accept(2) (bsc#1031717).\n\n - crypto: sha-mb - Fix load failure (bsc#1037384).\n\n - dell-laptop: Adds support for keyboard backlight timeout AC settings (bsc#1013561).\n\n - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500).\n\n - dmaengine: dw: fix typo in Kconfig (bsc#1031717).\n\n - dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125).\n\n - dm-mpath: fix race window in do_end_io() (bsc#1011044).\n\n - dm round robin: do not use this_cpu_ptr() without having preemption disabled (bsc#1040125).\n\n - dm verity fec: fix block calculation (bsc#1040125).\n\n - dm verity fec: fix bufio leaks (bsc#1040125).\n\n - dm verity fec: limit error correction recursion (bsc#1040125).\n\n - drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments (bsc#1031717).\n\n - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O (bsc#1031717).\n\n - drm/i915: Disable tv output on i9x5gm (bsc#1039700).\n\n - drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error (bsc#1031717).\n\n - drm/i915: Fix mismatched INIT power domain disabling during suspend (bsc#1031717).\n\n - drm/i915: Nuke debug messages from the pipe update critical section (bsc#1031717).\n\n - drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717).\n\n - drm/i915: relax uncritical udelay_range() (bsc#1031717).\n\n - drm/i915: relax uncritical udelay_range() settings (bsc#1031717).\n\n - drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl (bsc#1040463).\n\n - drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable queue).\n\n - e1000e: Do not return uninitialized stats (bug#1034635).\n\n - enic: set skb->hash type properly (bsc#922871 fate#318754).\n\n - f2fs: fix bad prefetchw of NULL page (bsc#1012829).\n\n - f2fs: sanity check segment count (4.4.68 stable queue).\n\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n\n - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes).\n\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n\n - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).\n\n - ftrace: Make ftrace_location_range() global (FATE#322421).\n\n - ibmvnic: Add set_link_state routine for setting adapter link state (fate#322021, bsc#1031512).\n\n - ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021, bsc#1031512).\n\n - ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021, bsc#1038297).\n\n - ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512).\n\n - ibmvnic: Clean up tx pools when closing (fate#322021, bsc#1038297).\n\n - ibmvnic: Continue skb processing after skb completion error (fate#322021, bsc#1038297).\n\n - ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the bounce buffer (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the rx pool (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the tx pool (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init/release routines for stats token (fate#322021, bsc#1031512).\n\n - ibmvnic: Delete napi's when releasing driver resources (fate#322021, bsc#1038297).\n\n - ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512).\n\n - ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021, bsc#1031512).\n\n - ibmvnic: fix missing unlock on error in\n __ibmvnic_reset() (fate#322021, bsc#1038297, Fixes:\n ed651a10875f).\n\n - ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512).\n\n - ibmvnic: Free skb's in cases of failure in transmit (fate#322021, bsc#1031512).\n\n - ibmvnic: Insert header on VLAN tagged received frame (fate#322021, bsc#1031512).\n\n - ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021, bsc#1031512).\n\n - ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021, bsc#1031512).\n\n - ibmvnic: Move initialization of the stats token to ibmvnic_open (fate#322021, bsc#1031512).\n\n - ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021, bsc#1038297).\n\n - ibmvnic: Move resource initialization to its own routine (fate#322021, bsc#1038297).\n\n - ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512).\n\n - ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297).\n\n - ibmvnic: Remove debugfs support (fate#322021, bsc#1031512).\n\n - ibmvnic: Remove inflight list (fate#322021, bsc#1031512).\n\n - ibmvnic: Remove unused bouce buffer (fate#322021, bsc#1031512).\n\n - ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297).\n\n - ibmvnic: Report errors when failing to release sub-crqs (fate#322021, bsc#1031512).\n\n - ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512).\n\n - ibmvnic: Split initialization of scrqs to its own routine (fate#322021, bsc#1031512).\n\n - ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512).\n\n - ibmvnic: Updated reset handling (fate#322021, bsc#1038297).\n\n - ibmvnic: Update main crq initialization and release (fate#322021, bsc#1031512).\n\n - ibmvnic: Validate napi exist before disabling them (fate#322021, bsc#1031512).\n\n - ibmvnic: Wait for any pending scrqs entries at driver close (fate#322021, bsc#1038297).\n\n - ibmvnic: Whitespace correction in release_rx_pools (fate#322021, bsc#1038297).\n\n - iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717).\n\n - iio: Workaround for kABI breakage by 4.4.67 iio hid-sensor changes (stable-4.4.67).\n\n - infiniband: avoid dereferencing uninitialized dst on error path (git-fixes).\n\n - iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843).\n\n - iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842).\n\n - iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848).\n\n - iommu: Handle default domain attach failure (bsc#1038846).\n\n - iommu/vt-d: Do not over-free page table directories (bsc#1038847).\n\n - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header (4.4.68 stable queue).\n\n - ipv6: initialize route null entry in addrconf_init() (4.4.68 stable queue).\n\n - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable queue).\n\n - isa: Call isa_bus_init before dependent ISA bus drivers register (bsc#1031717).\n\n - iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570).\n\n - KABI: Hide new include in arch/powerpc/kernel/process.c (fate#322421).\n\n - kABI: move and hide new cxgbi device owner field (bsc#1018885).\n\n - kABI: protect cgroup include in kernel/kthread (kabi).\n\n - kABI: protect struct mnt_namespace (kabi).\n\n - kABI: protect struct snd_fw_async_midi_port (kabi).\n\n - kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed (4.4.68 stable queue).\n\n - kvm: better MWAIT emulation for guests (bsc#1031142).\n\n - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue).\n\n - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue).\n\n - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable queue).\n\n - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125).\n\n - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in nbytes (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices (bsc#1003581).\n\n - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125).\n\n - livepatch: Allow architectures to specify an alternate ftrace location (FATE#322421).\n\n - locking/ww_mutex: Fix compilation of\n __WW_MUTEX_INITIALIZER (bsc#1031717).\n\n - lpfc: remove incorrect lockdep assertion (bsc#1040125).\n\n - md.c:didn't unlock the mddev before return EINVAL in array_size_store (bsc#1038143).\n\n - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087).\n\n - md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop (bsc#1038142).\n\n - md/raid1: avoid reusing a resync bio after error handling (Fate#311379).\n\n - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717).\n\n - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717).\n\n - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717).\n\n - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717).\n\n - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717).\n\n - media: cx23885: uninitialized variable in cx23885_av_work_handler() (bsc#1031717).\n\n - media: DaVinci-VPBE: Check return value of a setup_if_config() call in vpbe_set_output() (bsc#1031717).\n\n - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717).\n\n - media: dib0700: fix NULL-deref at probe (bsc#1031717).\n\n - media: dvb-usb: avoid link error with dib3000m(b,c| (bsc#1031717).\n\n - media: exynos4-is: fix a format string bug (bsc#1031717).\n\n - media: gspca: konica: add missing endpoint sanity check (bsc#1031717).\n\n - media: lirc_imon: do not leave imon_probe() with mutex held (bsc#1031717).\n\n - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze() (bsc#1031717).\n\n - media: rc: allow rc modules to be loaded if rc-main is not a module (bsc#1031717).\n\n - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717).\n\n - media: sh-vou: clarify videobuf2 dependency (bsc#1031717).\n\n - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs() (bsc#1031717).\n\n - media: usbvision: fix NULL-deref at probe (bsc#1031717).\n\n - media: uvcvideo: Fix empty packet statistic (bsc#1031717).\n\n - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue).\n\n - mmc: debugfs: correct wrong voltage value (bsc#1031717).\n\n - mm,compaction: serialize waitqueue_active() checks (bsc#971975).\n\n - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717).\n\n - mmc: sdhci: restore behavior when setting VDD via external regulator (bsc#1031717).\n\n - mm: fix <linux/pagemap.h> stray kernel-doc notation (bnc#971975 VM -- git fixes).\n\n - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue).\n\n - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable queue).\n\n - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717).\n\n - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717).\n\n - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue).\n\n - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717).\n\n - mwifiex: Remove unused 'chan_num' variable (bsc#1031717).\n\n - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717).\n\n - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717).\n\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n\n - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes).\n\n - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes).\n\n - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes).\n\n - nfsv4.1: Fix Oopsable condition in server callback races (git-fixes).\n\n - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (bsc#1004003).\n\n - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (bsc#1004003).\n\n - pci: pciehp: Prioritize data-link event over presence detect (bsc#1031040,bsc#1037483).\n\n - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057).\n\n - pci: Work around Intel Sunrise Point PCH incorrect ACS capability (bsc#1030057).\n\n - perf/x86/intel/uncore: Remove SBOX support for Broadwell server (bsc#1035887).\n\n - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue).\n\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (bnc#1012985).\n\n - PKCS#7: fix missing break on OID_sha224 case (bsc#1031717).\n\n - platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting callbacks (bsc#1031717).\n\n - PM / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717).\n\n - PM / wakeirq: Fix spurious wake-up events for dedicated wakeirqs (bsc#1031717).\n\n - PM / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717).\n\n - power: bq27xxx: fix register numbers of bq27500 (bsc#1031717).\n\n - powerpc: Create a helper for getting the kernel toc value (FATE#322421).\n\n - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel (FATE#322421).\n\n - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI (FATE#322421).\n\n - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace (FATE#322421).\n\n - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421).\n\n - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421).\n\n - powerpc/livepatch: Add livepatch header (FATE#322421).\n\n - powerpc/livepatch: Add live patching support on ppc64le (FATE#322421).\n\n - powerpc/livepatch: Add livepatch stack to struct thread_info (FATE#322421).\n\n - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421).\n\n - powerpc/module: Mark module stubs with a magic value (FATE#322421).\n\n - powerpc/module: Only try to generate the ftrace_caller() stub once (FATE#322421).\n\n - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount() call (FATE#322421).\n\n - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Call power_supply_changed() for relevant component (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Call set_mode_host() on pm_resume() (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Do not read fault register outside irq_handle_thread() (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Handle fault before status on interrupt (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Install irq_handler_thread() at end of probe() (4.4.68 stable queue).\n\n - ppc64le: Update ppc64le config files to use KGRAFT.\n\n - printk: Switch to the sync mode when an emergency message is printed (bsc#1034995).\n\n - RDMA/iw_cxgb4: Add missing error codes for act open cmd (bsc#1026570).\n\n - RDMA/iw_cxgb4: Low resource fixes for Completion queue (bsc#1026570).\n\n - RDMA/iw_cxgb4: only read markers_enabled mod param once (bsc#1026570).\n\n - regulator: isl9305: fix array size (bsc#1031717).\n\n - Revert 'acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison)' (kabi).\n\n - Revert 'KVM: nested VMX: disable perf cpuid reporting' (4.4.68 stable queue).\n\n - Revert 'l2tp: take reference on sessions being dumped' (kabi).\n\n - Revert 'mac80211: pass block ack session timeout to to driver' (kabi).\n\n - Revert 'mac80211: RX BA support for sta max_rx_aggregation_subframes' (kabi).\n\n - Revert 'wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event' (kabi).\n\n - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the certificate (bsc#1035922)\n\n - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string (4.4.68 stable queue).\n\n - s390/dasd: check if query host access feature is supported (bsc#1037871).\n\n - scsi: be2iscsi: Add FUNCTION_RESET during driver unload (bsc#1038458).\n\n - scsi: be2iscsi: Add IOCTL to check UER supported (bsc#1038458).\n\n - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458).\n\n - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL (bsc#1038458).\n\n - scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo() (bsc#1038458).\n\n - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL (bsc#1038458).\n\n - scsi: be2iscsi: Fail the sessions immediately after TPE (bsc#1038458).\n\n - scsi: be2iscsi: Fix async PDU handling path (bsc#1038458).\n\n - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458).\n\n - scsi: be2iscsi: Fix checks for HBA in error state (bsc#1038458).\n\n - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6 (bsc#1038458).\n\n - scsi: be2iscsi: Fix POST check and reset sequence (bsc#1038458).\n\n - scsi: be2iscsi: Fix queue and connection parameters (bsc#1038458).\n\n - scsi: be2iscsi: Fix release of DHCP IP in static mode (bsc#1038458).\n\n - scsi: be2iscsi: Fix to add timer for UE detection (bsc#1038458).\n\n - scsi: be2iscsi: Fix to make boot discovery non-blocking (bsc#1038458).\n\n - scsi: be2iscsi: Fix to use correct configuration values (bsc#1038458).\n\n - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param (bsc#1038458).\n\n - scsi: be2iscsi: Move functions to right files (bsc#1038458).\n\n - scsi: be2iscsi: Move VLAN code to common iface_set_param (bsc#1038458).\n\n - scsi: be2iscsi: Reduce driver load/unload time (bsc#1038458).\n\n - scsi: be2iscsi: Remove alloc_mcc_tag & beiscsi_pci_soft_reset (bsc#1038458).\n\n - scsi: be2iscsi: Remove isr_lock and dead code (bsc#1038458).\n\n - scsi: be2iscsi: Rename iface get/set/create/destroy APIs (bsc#1038458).\n\n - scsi: be2iscsi: Replace _bh version for mcc_lock spinlock (bsc#1038458).\n\n - scsi: be2iscsi: Set and return right iface v4/v6 states (bsc#1038458).\n\n - scsi: be2iscsi: Update copyright information (bsc#1038458).\n\n - scsi: be2iscsi: Update iface handle before any set param (bsc#1038458).\n\n - scsi: be2iscsi: Update the driver version (bsc#1038458).\n\n - scsi: cxgb4i: libcxgbi: add missing module_put() (bsc#1018885).\n\n - scsi: cxlflash: Remove the device cleanly in the system shutdown path (bsc#1028310, fate#321597, bsc#1034762).\n cherry-pick from SP3\n\n - scsi_dh_alua: do not call BUG_ON when updating port group (bsc#1028340).\n\n - scsi_dh_alua: Do not retry for unmapped device (bsc#1012910).\n\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920).\n\n - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m (4.4.68 stable queue).\n\n - scsi: scsi_dh_alua: Check scsi_device_get() return value (bsc#1040125).\n\n - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (4.4.68 stable queue).\n\n - serial: 8250_omap: Fix probe and remove for PM runtime (4.4.68 stable queue).\n\n - staging: emxx_udc: remove incorrect __init annotations (4.4.68 stable queue).\n\n - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data() (bsc#1031717).\n\n - staging: wlan-ng: add missing byte order conversion (4.4.68 stable queue).\n\n - sunrpc: Allow xprt->ops->timer method to sleep (git-fixes).\n\n - sunrpc: fix UDP memory accounting (git-fixes).\n\n - tcp: do not inherit fastopen_req from parent (4.4.68 stable queue).\n\n - tcp: do not underestimate skb->truesize in tcp_trim_head() (4.4.68 stable queue).\n\n - tcp: fix wraparound issue in tcp_lp (4.4.68 stable queue).\n\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).\n\n - usb: chipidea: Handle extcon events properly (4.4.68 stable queue).\n\n - usb: chipidea: Only read/write OTGSC from one place (4.4.68 stable queue).\n\n - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths (4.4.68 stable queue).\n\n - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths (4.4.68 stable queue).\n\n - usb: musb: ux500: Fix NULL pointer dereference at system PM (bsc#1038033).\n\n - usb: serial: ark3116: fix open error handling (bnc#1038043).\n\n - usb: serial: ch341: add register and USB request definitions (bnc#1038043).\n\n - usb: serial: ch341: add support for parity, frame length, stop bits (bnc#1038043).\n\n - usb: serial: ch341: fix baud rate and line-control handling (bnc#1038043).\n\n - usb: serial: ch341: fix line settings after reset-resume (bnc#1038043).\n\n - usb: serial: ch341: fix modem-status handling (bnc#1038043).\n\n - usb: serial: ch341: reinitialize chip on reconfiguration (bnc#1038043).\n\n - usb: serial: digi_acceleport: fix incomplete rx sanity check (4.4.68 stable queue).\n\n - usb: serial: fix compare_const_fl.cocci warnings (bnc#1038043).\n\n - usb: serial: ftdi_sio: fix latency-timer error handling (4.4.68 stable queue).\n\n - usb: serial: io_edgeport: fix descriptor error handling (4.4.68 stable queue).\n\n - usb: serial: io_edgeport: fix epic-descriptor handling (bnc#1038043).\n\n - usb: serial: keyspan_pda: fix receive sanity checks (4.4.68 stable queue).\n\n - usb: serial: mct_u232: fix modem-status error handling (4.4.68 stable queue).\n\n - usb: serial: quatech2: fix control-message error handling (bnc#1038043).\n\n - usb: serial: sierra: fix bogus alternate-setting assumption (bnc#1038043).\n\n - usb: serial: ssu100: fix control-message error handling (bnc#1038043).\n\n - usb: serial: ti_usb_3410_5052: fix control-message error handling (4.4.68 stable queue).\n\n - Use make --output-sync feature when available (bsc#1012422). The mesages in make output can interleave making it impossible to extract warnings reliably. Since version 4 GNU Make supports --output-sync flag that prints output of each sub-command atomically preventing this issue. Detect the flag and use it if available.\n\n - Use up spare in struct module for livepatch (FATE#322421).\n\n - vsock: Detach QP check should filter out non matching QPs (bsc#1036752).\n\n - x86/ioapic: Restore IO-APIC irq_chip retrigger callback (4.4.68 stable queue).\n\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 (4.4.68 stable queue).\n\n - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device (4.4.68 stable queue).\n\n - x86/platform/uv/BAU: Add generic function pointers (bsc#1035024).\n\n - x86/platform/uv/BAU: Add payload descriptor qualifier (bsc#1035024).\n\n - x86/platform/uv/BAU: Add status mmr location fields to bau_control (bsc#1035024).\n\n - x86/platform/uv/BAU: Add UV4-specific functions (bsc#1035024).\n\n - x86/platform/uv/BAU: Add uv_bau_version enumerated constants (bsc#1035024).\n\n - x86/platform/uv/BAU: Add wait_completion to bau_operations (bsc#1035024).\n\n - x86/platform/uv/BAU: Clean up and update printks (bsc#1035024).\n\n - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (bsc#1035024).\n\n - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024).\n\n - x86/platform/uv/BAU: Clean up vertical alignment (bsc#1035024).\n\n - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (bsc#1035024).\n\n - x86/platform/uv/BAU: Disable software timeout on UV4 hardware (bsc#1035024).\n\n - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (bsc#1035024).\n\n - x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware (bsc#1035024).\n\n - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (bsc#1035024).\n\n - x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version information (bsc#1035024).\n\n - x86/platform/uv/BAU: Use generic function pointers (bsc#1035024).\n\n - xen: adjust early dom0 p2m handling to xen hypervisor behavior (bnc#1031470).\n\n - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1041160).\n\n - xfs: fix eofblocks race with file extending async dio writes (bsc#1040929).\n\n - xfs: Fix missed holes in SEEK_HOLE implementation (bsc#1041168).\n\n - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff() (bsc#1041168).\n\n - xfs: in _attrlist_by_handle, copy the cursor back to userspace (bsc#1041242).\n\n - xfs: only return -errno or success from attr\n ->put_listent (bsc#1041242).\n\n - xfs: Split default quota limits by quota type (bsc#1040941).\n\n - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160).", "cvss3": {}, "published": "2017-06-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-666)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7487", "CVE-2017-7645", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-666.NASL", "href": "https://www.tenable.com/plugins/nessus/100711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-666.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100711);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-7487\", \"CVE-2017-7645\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-666)\");\n script_summary(english:\"Check for the openSUSE-2017-666 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.2 kernel was updated to 4.4.70 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in\n net/dccp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1040069).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039883).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in\n the Linux kernel did not consider that the nexthdr field\n may be associated with an invalid option, which allowed\n local users to cause a denial of service (out-of-bounds\n read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-7487: The ipxitf_ioctl function in\n net/ipx/af_ipx.c in the Linux kernel mishandled\n reference counts, which allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a failed SIOCGIFADDR ioctl\n call for an IPX interface (bnc#1038879).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allowed attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call (bnc#1038544).\n\n - CVE-2017-9150: The do_check function in\n kernel/bpf/verifier.c in the Linux kernel did not make\n the allow_ptr_leaks value available for restricting the\n output of the print_bpf_insn function, which allowed\n local users to obtain sensitive address information via\n crafted bpf system calls (bnc#1040279).\n\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd\n subsystem in the Linux kernel allowed remote attackers\n to cause a denial of service (system crash) via a long\n RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670)\n\nThe following non-security bugs were fixed :\n\n - 9p: fix a potential acl leak (4.4.68 stable queue).\n\n - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI\n removal (bsc#1031717).\n\n - acpi / scan: Drop support for force_remove\n (bnc#1029607).\n\n - ahci: disable correct irq for dummy ports (bsc#1040125).\n\n - alsa: hda - Fix deadlock of controller device lock at\n unbinding (4.4.68 stable queue).\n\n - arm: 8452/3: PJ4: make coprocessor access sequences\n buildable in Thumb2 mode (4.4.68 stable queue).\n\n - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build\n (4.4.68 stable queue).\n\n - asoc: rt5640: use msleep() for long delays\n (bsc#1031717).\n\n - asoc: sti: Fix error handling if of_clk_get() fails\n (bsc#1031717).\n\n - blacklist 61e8a0d5a027 powerpc/pci: Fix endian bug in\n fixed PHB numbering (bsc#989311)\n\n - block: get rid of blk_integrity_revalidate() (4.4.68\n stable queue).\n\n - bna: avoid writing uninitialized data into hw registers\n (bsc#966321 FATE#320156).\n\n - bnxt_en: allocate enough space for ->ntp_fltr_bmap\n (bsc#1020412 FATE#321671).\n\n - bpf, arm64: fix jit branch offset related to ldimm64\n (4.4.68 stable queue).\n\n - brcmfmac: Ensure pointer correctly set if skb data\n location changes (4.4.68 stable queue).\n\n - brcmfmac: Make skb header writable before use (4.4.68\n stable queue).\n\n - brcmfmac: restore stopping netdev queue when bus clogs\n up (bsc#1031717).\n\n - btrfs: add a flags field to btrfs_fs_info (bsc#1012452).\n\n - btrfs: add ASSERT for block group's memory leak\n (bsc#1012452).\n\n - btrfs: add btrfs_trans_handle->fs_info pointer\n (bsc#1012452).\n\n - btrfs: add bytes_readonly to the spaceinfo at once\n (bsc#1012452).\n\n - btrfs: add check to sysfs handler of label\n (bsc#1012452).\n\n - btrfs: add dynamic debug support (bsc#1012452).\n\n - btrfs: add error handling for extent buffer in print\n tree (bsc#1012452).\n\n - btrfs: add missing bytes_readonly attribute file in\n sysfs (bsc#1012452).\n\n - btrfs: add missing check for writeback errors on fsync\n (bsc#1012452).\n\n - btrfs: add more validation checks for superblock\n (bsc#1012452).\n\n - btrfs: Add ratelimit to btrfs printing (bsc#1012452).\n\n - btrfs: add read-only check to sysfs handler of features\n (bsc#1012452).\n\n - btrfs: add semaphore to synchronize direct IO writes\n with fsync (bsc#1012452).\n\n - btrfs: add tracepoint for adding block groups\n (bsc#1012452).\n\n - btrfs: add tracepoints for flush events (bsc#1012452).\n\n - btrfs: add validadtion checks for chunk loading\n (bsc#1012452).\n\n - btrfs: add write protection to SET_FEATURES ioctl\n (bsc#1012452).\n\n - btrfs: allow balancing to dup with multi-device\n (bsc#1012452).\n\n - btrfs: always reserve metadata for delalloc extents\n (bsc#1012452).\n\n - btrfs: always use trans->block_rsv for orphans\n (bsc#1012452).\n\n - btrfs: avoid blocking open_ctree from cleaner_kthread\n (bsc#1012452).\n\n - btrfs: avoid deadlocks during reservations in\n btrfs_truncate_block (bsc#1012452).\n\n - btrfs: avoid overflowing f_bfree (bsc#1012452).\n\n - btrfs: btrfs_abort_transaction, drop root parameter\n (bsc#1012452).\n\n - btrfs: __btrfs_buffered_write: Pass valid file offset\n when releasing delalloc space (bsc#1012452).\n\n - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize\n (bsc#1012452).\n\n - btrfs: btrfs_debug should consume fs_info when DEBUG is\n not defined (bsc#1012452).\n\n - btrfs: btrfs_relocate_chunk pass extent_root to\n btrfs_end_transaction (bsc#1012452).\n\n - btrfs: build fixup for qgroup_account_snapshot\n (bsc#1012452).\n\n - btrfs: change BUG_ON()'s to ASSERT()'s in\n backref_cache_cleanup() (bsc#1012452).\n\n - btrfs: change delayed reservation fallback behavior\n (bsc#1012452).\n\n - btrfs: change how we calculate the global block rsv\n (bsc#1012452).\n\n - btrfs: check btree node's nritems (bsc#1012452).\n\n - btrfs: check if extent buffer is aligned to sectorsize\n (bsc#1012452).\n\n - btrfs: check inconsistence between chunk and block group\n (bsc#1012452).\n\n - btrfs: clarify do_chunk_alloc()'s return value\n (bsc#1012452).\n\n - btrfs: clean the old superblocks before freeing the\n device (bsc#1012452).\n\n - btrfs: clean up and optimize __check_raid_min_device()\n (bsc#1012452).\n\n - btrfs: cleanup assigning next active device with a check\n (bsc#1012452).\n\n - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452).\n\n - btrfs: Cleanup compress_file_range() (bsc#1012452).\n\n - btrfs: cleanup error handling in\n extent_write_cached_pages (bsc#1012452).\n\n - btrfs: clear uptodate flags of pages in sys_array eb\n (bsc#1012452).\n\n - btrfs: clone: use vmalloc only as fallback for nodesize\n bufer (bsc#1012452).\n\n - btrfs: convert nodesize macros to static inlines\n (bsc#1012452).\n\n - btrfs: convert printk(KERN_* to use pr_* calls\n (bsc#1012452).\n\n - btrfs: convert pr_* to btrfs_* where possible\n (bsc#1012452).\n\n - btrfs: convert send's verbose_printk to btrfs_debug\n (bsc#1012452).\n\n - btrfs: copy_to_sk drop unused root parameter\n (bsc#1012452).\n\n - btrfs: create a helper function to read the disk super\n (bsc#1012452).\n\n - btrfs: create example debugfs file only in debugging\n build (bsc#1012452).\n\n - btrfs: create helper btrfs_find_device_by_user_input()\n (bsc#1012452).\n\n - btrfs: create helper function __check_raid_min_devices()\n (bsc#1012452).\n\n - btrfs: detect corruption when non-root leaf has zero\n item (bsc#1012452).\n\n - btrfs: divide btrfs_update_reserved_bytes() into two\n functions (bsc#1012452).\n\n - btrfs: do not background blkdev_put() (bsc#1012452).\n\n - btrfs: do not bother kicking async if there's nothing to\n reclaim (bsc#1012452).\n\n - btrfs: do not BUG_ON() in btrfs_orphan_add\n (bsc#1012452).\n\n - btrfs: do not create empty block group if we have\n allocated data (bsc#1012452).\n\n - btrfs: do not decrease bytes_may_use when replaying\n extents (bsc#1012452).\n\n - btrfs: do not do nocow check unless we have to\n (bsc#1012452).\n\n - btrfs: do not do unnecessary delalloc flushes when\n relocating (bsc#1012452).\n\n - btrfs: do not force mounts to wait for cleaner_kthread\n to delete one or more subvolumes (bsc#1012452).\n\n - btrfs: do not wait for unrelated IO to finish before\n relocation (bsc#1012452).\n\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO\n errors (bsc#1035866).\n\n - btrfs: end transaction if we abort when creating uuid\n root (bsc#1012452).\n\n - btrfs: enhance btrfs_find_device_by_user_input() to\n check device path (bsc#1012452).\n\n - btrfs: error out if generic_bin_search get invalid\n arguments (bsc#1012452).\n\n - btrfs: expand cow_file_range() to support in-band dedup\n and subpage-blocksize (bsc#1012452).\n\n - btrfs: extend btrfs_set_extent_delalloc and its friends\n to support in-band dedupe and subpage size patchset\n (bsc#1012452).\n\n - btrfs: fill relocation block rsv after allocation\n (bsc#1012452).\n\n - btrfs: fix an integer overflow check (bsc#1012452).\n\n - btrfs: fix a possible umount deadlock (bsc#1012452).\n\n - btrfs: fix btrfs_no_printk stub helper (bsc#1012452).\n\n - btrfs: Fix BUG_ON condition in\n scrub_setup_recheck_block() (bsc#1012452).\n\n - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty\n (bsc#1012452).\n\n - btrfs: fix BUG_ON in btrfs_submit_compressed_write\n (bsc#1012452).\n\n - btrfs: fix callers of btrfs_block_rsv_migrate\n (bsc#1012452).\n\n - btrfs: fix check_direct_IO() for non-iovec iterators\n (bsc#1012452).\n\n - btrfs: fix check_shared for fiemap ioctl (bsc#1037177).\n\n - btrfs: fix crash when tracepoint arguments are freed by\n wq callbacks (bsc#1012452).\n\n - btrfs: fix data loss after truncate when using the\n no-holes feature (bsc#1036214).\n\n - btrfs: fix deadlock in delayed_ref_async_start\n (bsc#1012452).\n\n - btrfs: fix delalloc reservation amount tracepoint\n (bsc#1012452).\n\n - btrfs: fix disk_i_size update bug when fallocate() fails\n (bsc#1012452).\n\n - btrfs: fix divide error upon chunk's stripe_len\n (bsc#1012452).\n\n - btrfs: fix double free of fs root (bsc#1012452).\n\n - btrfs: fix eb memory leak due to readpage failure\n (bsc#1012452).\n\n - btrfs: fix em leak in find_first_block_group\n (bsc#1012452).\n\n - btrfs: fix emptiness check for dirtied extent buffers at\n check_leaf() (bsc#1012452).\n\n - btrfs: fix error handling in map_private_extent_buffer\n (bsc#1012452).\n\n - btrfs: fix error return code in btrfs_init_test_fs()\n (bsc#1012452).\n\n - btrfs: fix free space calculation in dump_space_info()\n (bsc#1012452).\n\n - btrfs: fix fsfreeze hang caused by delayed iputs deal\n (bsc#1012452).\n\n - btrfs: fix fspath error deallocation (bsc#1012452).\n\n - btrfs: fix int32 overflow in shrink_delalloc()\n (bsc#1012452).\n\n - btrfs: Fix integer overflow when calculating\n bytes_per_bitmap (bsc#1012452).\n\n - btrfs: fix invalid dereference in btrfs_retry_endio\n (bsc#1040395).\n\n - btrfs: fix lock dep warning, move scratch dev out of\n device_list_mutex and uuid_mutex (bsc#1012452).\n\n - btrfs: fix lock dep warning move scratch super outside\n of chunk_mutex (bsc#1012452).\n\n - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452).\n\n - btrfs: fix memory leak during RAID 5/6 device\n replacement (bsc#1012452).\n\n - btrfs: fix memory leak of block group cache\n (bsc#1012452).\n\n - btrfs: fix memory leak of reloc_root (bsc#1012452).\n\n - btrfs: fix mixed block count of available space\n (bsc#1012452).\n\n - btrfs: fix one bug that process may endlessly wait for\n ticket in wait_reserve_ticket() (bsc#1012452).\n\n - btrfs: fix panic in balance due to EIO (bsc#1012452).\n\n - btrfs: fix race between block group relocation and nocow\n writes (bsc#1012452).\n\n - btrfs: fix race between device replace and block group\n removal (bsc#1012452).\n\n - btrfs: fix race between device replace and chunk\n allocation (bsc#1012452).\n\n - btrfs: fix race between device replace and discard\n (bsc#1012452).\n\n - btrfs: fix race between device replace and read repair\n (bsc#1012452).\n\n - btrfs: fix race between fsync and direct IO writes for\n prealloc extents (bsc#1012452).\n\n - btrfs: fix race between readahead and device\n replace/removal (bsc#1012452).\n\n - btrfs: fix race setting block group back to RW mode\n during device replace (bsc#1012452).\n\n - btrfs: fix race setting block group readonly during\n device replace (bsc#1012452).\n\n - btrfs: fix read_node_slot to return errors\n (bsc#1012452).\n\n - btrfs: fix release reserved extents trace points\n (bsc#1012452).\n\n - btrfs: fix segmentation fault when doing dio read\n (bsc#1040425).\n\n - btrfs: Fix slab accounting flags (bsc#1012452).\n\n - btrfs: fix unexpected return value of fiemap\n (bsc#1012452).\n\n - btrfs: fix unprotected assignment of the left cursor for\n device replace (bsc#1012452).\n\n - btrfs: fix WARNING in btrfs_select_ref_head()\n (bsc#1012452).\n\n - btrfs: flush_space: treat return value of do_chunk_alloc\n properly (bsc#1012452).\n\n - btrfs: Force stripesize to the value of sectorsize\n (bsc#1012452).\n\n - btrfs: free sys_array eb as soon as possible\n (bsc#1012452).\n\n - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452).\n\n - btrfs: Handle uninitialised inode eviction\n (bsc#1012452).\n\n - btrfs: hide test-only member under ifdef (bsc#1012452).\n\n - btrfs: improve check_node to avoid reading corrupted\n nodes (bsc#1012452).\n\n - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452).\n\n - btrfs: introduce device delete by devid (bsc#1012452).\n\n - btrfs: introduce raid-type to error-code table, for\n minimum device constraint (bsc#1012452).\n\n - btrfs: introduce ticketed enospc infrastructure\n (bsc#1012452).\n\n - btrfs: introduce tickets_id to determine whether\n asynchronous metadata reclaim work makes progress\n (bsc#1012452).\n\n - btrfs: ioctl: reorder exclusive op check in RM_DEV\n (bsc#1012452).\n\n - btrfs: kill BUG_ON in do_relocation (bsc#1012452).\n\n - btrfs: kill BUG_ON in run_delayed_tree_ref\n (bsc#1012452).\n\n - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written\n (bsc#1012452).\n\n - btrfs: kill invalid ASSERT() in process_all_refs()\n (bsc#1012452).\n\n - btrfs: kill the start argument to\n read_extent_buffer_pages (bsc#1012452).\n\n - btrfs: kill unused writepage_io_hook callback\n (bsc#1012452).\n\n - btrfs: make find_workspace always succeed (bsc#1012452).\n\n - btrfs: make find_workspace warn if there are no\n workspaces (bsc#1012452).\n\n - btrfs: make mapping->writeback_index point to the last\n written page (bsc#1012452).\n\n - btrfs: make state preallocation more speculative in\n __set_extent_bit (bsc#1012452).\n\n - btrfs: make sure device is synced before return\n (bsc#1012452).\n\n - btrfs: make use of btrfs_find_device_by_user_input()\n (bsc#1012452).\n\n - btrfs: make use of btrfs_scratch_superblocks() in\n btrfs_rm_device() (bsc#1012452).\n\n - btrfs: memset to avoid stale content in btree leaf\n (bsc#1012452).\n\n - btrfs: memset to avoid stale content in btree node block\n (bsc#1012452).\n\n - btrfs: move error handling code together in ctree.h\n (bsc#1012452).\n\n - btrfs: optimize check for stale device (bsc#1012452).\n\n - btrfs: parent_start initialization cleanup\n (bsc#1012452).\n\n - btrfs: pass correct args to\n btrfs_async_run_delayed_refs() (bsc#1012452).\n\n - btrfs: pass number of devices to\n btrfs_check_raid_min_devices (bsc#1012452).\n\n - btrfs: pass the right error code to the btrfs_std_error\n (bsc#1012452).\n\n - btrfs: preallocate compression workspaces (bsc#1012452).\n\n - btrfs: Ratelimit 'no csum found' info message\n (bsc#1012452).\n\n - btrfs: refactor btrfs_dev_replace_start for reuse\n (bsc#1012452).\n\n - btrfs: Refactor btrfs_lock_cluster() to kill compiler\n warning (bsc#1012452).\n\n - btrfs: remove BUG() in raid56 (bsc#1012452).\n\n - btrfs: remove BUG_ON in start_transaction (bsc#1012452).\n\n - btrfs: remove BUG_ON()'s in btrfs_map_block\n (bsc#1012452).\n\n - btrfs: remove build fixup for qgroup_account_snapshot\n (bsc#1012452).\n\n - btrfs: remove save_error_info() (bsc#1012452).\n\n - btrfs: remove unnecessary btrfs_mark_buffer_dirty in\n split_leaf (bsc#1012452).\n\n - btrfs: remove unused function btrfs_assert()\n (bsc#1012452).\n\n - btrfs: rename and document compression workspace members\n (bsc#1012452).\n\n - btrfs: rename btrfs_find_device_by_user_input\n (bsc#1012452).\n\n - btrfs: rename btrfs_std_error to btrfs_handle_fs_error\n (bsc#1012452).\n\n - btrfs: rename __check_raid_min_devices (bsc#1012452).\n\n - btrfs: rename flags for vol args v2 (bsc#1012452).\n\n - btrfs: reorg btrfs_close_one_device() (bsc#1012452).\n\n - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl()\n (bsc#1012452).\n\n - btrfs: reuse existing variable in scrub_stripe, reduce\n stack usage (bsc#1012452).\n\n - btrfs: s_bdev is not null after missing replace\n (bsc#1012452).\n\n - btrfs: scrub: Set bbio to NULL before calling\n btrfs_map_block (bsc#1012452).\n\n - btrfs: send: silence an integer overflow warning\n (bsc#1012452).\n\n - btrfs: send: use temporary variable to store allocation\n size (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for\n clone_roots (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for\n clone_sources_tmp (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for read_buf\n (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for send_buf\n (bsc#1012452).\n\n - btrfs: Simplify conditions about compress while mapping\n btrfs flags to inode flags (bsc#1012452).\n\n - btrfs: sink gfp parameter to clear_extent_bits\n (bsc#1012452).\n\n - btrfs: sink gfp parameter to clear_extent_dirty\n (bsc#1012452).\n\n - btrfs: sink gfp parameter to clear_record_extent_bits\n (bsc#1012452).\n\n - btrfs: sink gfp parameter to convert_extent_bit\n (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_bits\n (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_defrag\n (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_delalloc\n (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_new\n (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_record_extent_bits\n (bsc#1012452).\n\n - btrfs: skip commit transaction if we do not have enough\n pinned bytes (bsc#1037186).\n\n - btrfs: subpage-blocksize: Rate limit scrub error message\n (bsc#1012452).\n\n - btrfs: switch to common message helpers in open_ctree,\n adjust messages (bsc#1012452).\n\n - btrfs: sysfs: protect reading label by lock\n (bsc#1012452).\n\n - btrfs: trace pinned extents (bsc#1012452).\n\n - btrfs: track transid for delayed ref flushing\n (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, document subvol\n flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move balance flags\n (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move\n BTRFS_LABEL_SIZE (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move feature flags\n (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move struct\n btrfs_ioctl_defrag_range_args (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags\n (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs_tree.h migration, item types and\n defines (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64\n (bsc#1012452).\n\n - btrfs: unsplit printed strings (bsc#1012452).\n\n - btrfs: untangle gotos a bit in __clear_extent_bit\n (bsc#1012452).\n\n - btrfs: untangle gotos a bit in convert_extent_bit\n (bsc#1012452).\n\n - btrfs: untangle gotos a bit in __set_extent_bit\n (bsc#1012452).\n\n - btrfs: update btrfs_space_info's bytes_may_use timely\n (bsc#1012452).\n\n - btrfs: Use correct format specifier (bsc#1012452).\n\n - btrfs: use correct offset for reloc_inode in\n prealloc_file_extent_cluster() (bsc#1012452).\n\n - btrfs: use dynamic allocation for root item in\n create_subvol (bsc#1012452).\n\n - btrfs: use existing device constraints table\n btrfs_raid_array (bsc#1012452).\n\n - btrfs: use FLUSH_LIMIT for relocation in\n reserve_metadata_bytes (bsc#1012452).\n\n - btrfs: use fs_info directly (bsc#1012452).\n\n - btrfs: use new error message helper in\n qgroup_account_snapshot (bsc#1012452).\n\n - btrfs: use root when checking need_async_flush\n (bsc#1012452).\n\n - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO\n (bsc#1012452).\n\n - btrfs: Use __u64 in exported linux/btrfs.h\n (bsc#1012452).\n\n - btrfs: warn_on for unaccounted spaces (bsc#1012452).\n\n - ceph: check i_nlink while converting a file handle to\n dentry (bsc#1039864).\n\n - ceph: Check that the new inode size is within limits in\n ceph_fallocate() (bsc#1037969).\n\n - ceph: Correctly return NXIO errors from ceph_llseek\n (git-fixes).\n\n - ceph: fix file open flags on ppc64 (bsc#1022266).\n\n - ceph: fix memory leak in __ceph_setxattr()\n (bsc#1036763).\n\n - cifs: backport prepath matching fix (bsc#799133).\n\n - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68\n stable queue).\n\n - cpupower: Fix turbo frequency reporting for pre-Sandy\n Bridge cores (4.4.68 stable queue).\n\n - crypto: algif_aead - Require setkey before accept(2)\n (bsc#1031717).\n\n - crypto: sha-mb - Fix load failure (bsc#1037384).\n\n - dell-laptop: Adds support for keyboard backlight timeout\n AC settings (bsc#1013561).\n\n - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel\n (bsc#1031500).\n\n - dmaengine: dw: fix typo in Kconfig (bsc#1031717).\n\n - dm: fix dm_target_io leak if clone_bio() returns an\n error (bsc#1040125).\n\n - dm-mpath: fix race window in do_end_io() (bsc#1011044).\n\n - dm round robin: do not use this_cpu_ptr() without having\n preemption disabled (bsc#1040125).\n\n - dm verity fec: fix block calculation (bsc#1040125).\n\n - dm verity fec: fix bufio leaks (bsc#1040125).\n\n - dm verity fec: limit error correction recursion\n (bsc#1040125).\n\n - drivers: base: dma-mapping: Fix typo in\n dmam_alloc_non_coherent comments (bsc#1031717).\n\n - drivers/tty: 8250: only call fintek_8250_probe when\n doing port I/O (bsc#1031717).\n\n - drm/i915: Disable tv output on i9x5gm (bsc#1039700).\n\n - drm/i915: Do not touch NULL sg on\n i915_gem_object_get_pages_gtt() error (bsc#1031717).\n\n - drm/i915: Fix mismatched INIT power domain disabling\n during suspend (bsc#1031717).\n\n - drm/i915: Nuke debug messages from the pipe update\n critical section (bsc#1031717).\n\n - drm/i915: Program iboost settings for HDMI/DVI on SKL\n (bsc#1031717).\n\n - drm/i915: relax uncritical udelay_range() (bsc#1031717).\n\n - drm/i915: relax uncritical udelay_range() settings\n (bsc#1031717).\n\n - drm/i915: Use pagecache write to prepopulate shmemfs\n from pwrite-ioctl (bsc#1040463).\n\n - drm/ttm: fix use-after-free races in vm fault handling\n (4.4.68 stable queue).\n\n - e1000e: Do not return uninitialized stats (bug#1034635).\n\n - enic: set skb->hash type properly (bsc#922871\n fate#318754).\n\n - f2fs: fix bad prefetchw of NULL page (bsc#1012829).\n\n - f2fs: sanity check segment count (4.4.68 stable queue).\n\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready\n (bsc#1035920).\n\n - fs/block_dev: always invalidate cleancache in\n invalidate_bdev() (git-fixes).\n\n - fs: fix data invalidation in the cleancache during\n direct IO (git-fixes).\n\n - fs/xattr.c: zero out memory copied to userspace in\n getxattr (git-fixes).\n\n - ftrace: Make ftrace_location_range() global\n (FATE#322421).\n\n - ibmvnic: Add set_link_state routine for setting adapter\n link state (fate#322021, bsc#1031512).\n\n - ibmvnic: Allocate zero-filled memory for sub crqs\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Check for driver reset first in ibmvnic_xmit\n (fate#322021, bsc#1038297).\n\n - ibmvnic: Cleanup failure path in ibmvnic_open\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Clean up tx pools when closing (fate#322021,\n bsc#1038297).\n\n - ibmvnic: Continue skb processing after skb completion\n error (fate#322021, bsc#1038297).\n\n - ibmvnic: Correct crq and resource releasing\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the bounce\n buffer (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the rx\n pool (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the tx\n pool (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init/release routines for stats token\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Delete napi's when releasing driver resources\n (fate#322021, bsc#1038297).\n\n - ibmvnic: Disable irq prior to close (fate#322021,\n bsc#1031512).\n\n - ibmvnic: Do not disable IRQ after scheduling tasklet\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix ibmvnic_change_mac_addr struct format\n (fate#322021, bsc#1031512).\n\n - ibmvnic: fix missing unlock on error in\n __ibmvnic_reset() (fate#322021, bsc#1038297, Fixes:\n ed651a10875f).\n\n - ibmvnic: Fixup atomic API usage (fate#322021,\n bsc#1031512).\n\n - ibmvnic: Free skb's in cases of failure in transmit\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Insert header on VLAN tagged received frame\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Merge the two release_sub_crq_queue routines\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Move initialization of sub crqs to ibmvnic_init\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Move initialization of the stats token to\n ibmvnic_open (fate#322021, bsc#1031512).\n\n - ibmvnic: Move queue restarting in ibmvnic_tx_complete\n (fate#322021, bsc#1038297).\n\n - ibmvnic: Move resource initialization to its own routine\n (fate#322021, bsc#1038297).\n\n - ibmvnic: Only retrieve error info if present\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Record SKB RX queue during poll (fate#322021,\n bsc#1038297).\n\n - ibmvnic: Remove debugfs support (fate#322021,\n bsc#1031512).\n\n - ibmvnic: Remove inflight list (fate#322021,\n bsc#1031512).\n\n - ibmvnic: Remove unused bouce buffer (fate#322021,\n bsc#1031512).\n\n - ibmvnic: Replace is_closed with state field\n (fate#322021, bsc#1038297).\n\n - ibmvnic: Report errors when failing to release sub-crqs\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Set real number of rx queues (fate#322021,\n bsc#1031512).\n\n - ibmvnic: Split initialization of scrqs to its own\n routine (fate#322021, bsc#1031512).\n\n - ibmvnic: Unmap longer term buffer before free\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Updated reset handling (fate#322021,\n bsc#1038297).\n\n - ibmvnic: Update main crq initialization and release\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Validate napi exist before disabling them\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Wait for any pending scrqs entries at driver\n close (fate#322021, bsc#1038297).\n\n - ibmvnic: Whitespace correction in release_rx_pools\n (fate#322021, bsc#1038297).\n\n - iio: hid-sensor: Store restore poll and hysteresis on S3\n (bsc#1031717).\n\n - iio: Workaround for kABI breakage by 4.4.67 iio\n hid-sensor changes (stable-4.4.67).\n\n - infiniband: avoid dereferencing uninitialized dst on\n error path (git-fixes).\n\n - iommu/arm-smmu: Disable stalling faults for all\n endpoints (bsc#1038843).\n\n - iommu/dma: Respect IOMMU aperture when allocating\n (bsc#1038842).\n\n - iommu/exynos: Block SYSMMU while invalidating FLPD cache\n (bsc#1038848).\n\n - iommu: Handle default domain attach failure\n (bsc#1038846).\n\n - iommu/vt-d: Do not over-free page table directories\n (bsc#1038847).\n\n - ipv4, ipv6: ensure raw socket message is big enough to\n hold an IP header (4.4.68 stable queue).\n\n - ipv6: initialize route null entry in addrconf_init()\n (4.4.68 stable queue).\n\n - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf\n (4.4.68 stable queue).\n\n - isa: Call isa_bus_init before dependent ISA bus drivers\n register (bsc#1031717).\n\n - iw_cxgb4: Guard against null cm_id in dump_ep/qp\n (bsc#1026570).\n\n - KABI: Hide new include in arch/powerpc/kernel/process.c\n (fate#322421).\n\n - kABI: move and hide new cxgbi device owner field\n (bsc#1018885).\n\n - kABI: protect cgroup include in kernel/kthread (kabi).\n\n - kABI: protect struct mnt_namespace (kabi).\n\n - kABI: protect struct snd_fw_async_midi_port (kabi).\n\n - kprobes/x86: Fix kernel panic when certain\n exception-handling addresses are probed (4.4.68 stable\n queue).\n\n - kvm: better MWAIT emulation for guests (bsc#1031142).\n\n - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68\n stable queue).\n\n - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68\n stable queue).\n\n - leds: ktd2692: avoid harmless maybe-uninitialized\n warning (4.4.68 stable queue).\n\n - libata-scsi: Fixup ata_gen_passthru_sense()\n (bsc#1040125).\n\n - lib/mpi: mpi_read_raw_data(): fix nbits calculation\n (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_data(): purge redundant clearing\n of nbits (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): do not include leading\n zero SGEs in nbytes (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation\n (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds\n buffer access (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): purge redundant\n clearing of nbits (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): replace len argument\n by nbytes (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of\n indices (bsc#1003581).\n\n - libnvdimm, pfn: fix 'npfns' vs section alignment\n (bsc#1040125).\n\n - livepatch: Allow architectures to specify an alternate\n ftrace location (FATE#322421).\n\n - locking/ww_mutex: Fix compilation of\n __WW_MUTEX_INITIALIZER (bsc#1031717).\n\n - lpfc: remove incorrect lockdep assertion (bsc#1040125).\n\n - md.c:didn't unlock the mddev before return EINVAL in\n array_size_store (bsc#1038143).\n\n - md-cluster: fix potential lock issue in add_new_disk\n (bsc#1041087).\n\n - md: MD_CLOSING needs to be cleared after called\n md_set_readonly or do_md_stop (bsc#1038142).\n\n - md/raid1: avoid reusing a resync bio after error\n handling (Fate#311379).\n\n - media: am437x-vpfe: fix an uninitialized variable bug\n (bsc#1031717).\n\n - media: b2c2: use IS_REACHABLE() instead of open-coding\n it (bsc#1031717).\n\n - media: c8sectpfe: Rework firmware loading mechanism\n (bsc#1031717).\n\n - media: cx231xx-audio: fix NULL-deref at probe\n (bsc#1031717).\n\n - media: cx231xx-cards: fix NULL-deref at probe\n (bsc#1031717).\n\n - media: cx23885: uninitialized variable in\n cx23885_av_work_handler() (bsc#1031717).\n\n - media: DaVinci-VPBE: Check return value of a\n setup_if_config() call in vpbe_set_output()\n (bsc#1031717).\n\n - media: DaVinci-VPFE-Capture: fix error handling\n (bsc#1031717).\n\n - media: dib0700: fix NULL-deref at probe (bsc#1031717).\n\n - media: dvb-usb: avoid link error with dib3000m(b,c|\n (bsc#1031717).\n\n - media: exynos4-is: fix a format string bug\n (bsc#1031717).\n\n - media: gspca: konica: add missing endpoint sanity check\n (bsc#1031717).\n\n - media: lirc_imon: do not leave imon_probe() with mutex\n held (bsc#1031717).\n\n - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze()\n (bsc#1031717).\n\n - media: rc: allow rc modules to be loaded if rc-main is\n not a module (bsc#1031717).\n\n - media: s5p-mfc: Fix unbalanced call to clock management\n (bsc#1031717).\n\n - media: sh-vou: clarify videobuf2 dependency\n (bsc#1031717).\n\n - media: staging: media: davinci_vpfe: unlock on error in\n vpfe_reqbufs() (bsc#1031717).\n\n - media: usbvision: fix NULL-deref at probe (bsc#1031717).\n\n - media: uvcvideo: Fix empty packet statistic\n (bsc#1031717).\n\n - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix\n (4.4.68 stable queue).\n\n - mmc: debugfs: correct wrong voltage value (bsc#1031717).\n\n - mm,compaction: serialize waitqueue_active() checks\n (bsc#971975).\n\n - mmc: sdhci-pxav3: fix higher speed mode capabilities\n (bsc#1031717).\n\n - mmc: sdhci: restore behavior when setting VDD via\n external regulator (bsc#1031717).\n\n - mm: fix <linux/pagemap.h> stray kernel-doc notation\n (bnc#971975 VM -- git fixes).\n\n - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68\n stable queue).\n\n - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print\n (4.4.68 stable queue).\n\n - mwifiex: pcie: fix cmd_buf use-after-free in\n remove/reset (bsc#1031717).\n\n - mwifiex: Removed unused 'pkt_type' variable\n (bsc#1031717).\n\n - mwifiex: remove redundant dma padding in AMSDU (4.4.68\n stable queue).\n\n - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717).\n\n - mwifiex: Remove unused 'chan_num' variable\n (bsc#1031717).\n\n - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717).\n\n - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717).\n\n - nfsd4: minor NFSv2/v3 write decoding cleanup\n (bsc#1034670).\n\n - nfsd: check for oversized NFSv2/v3 arguments\n (bsc#1034670).\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops\n (bsc#1034670).\n\n - nfs: Fix inode corruption in nfs_prime_dcache()\n (git-fixes).\n\n - nfs: Fix missing pg_cleanup after\n nfs_pageio_cond_complete() (git-fixes).\n\n - nfs: Use GFP_NOIO for two allocations in writeback\n (git-fixes).\n\n - nfsv4.1: Fix Oopsable condition in server callback races\n (git-fixes).\n\n - ocfs2/dlmglue: prepare tracking logic to avoid recursive\n cluster lock (bsc#1004003).\n\n - ocfs2: fix deadlock issue when taking inode lock at vfs\n entry points (bsc#1004003).\n\n - pci: pciehp: Prioritize data-link event over presence\n detect (bsc#1031040,bsc#1037483).\n\n - pci: Reverse standard ACS vs device-specific ACS\n enabling (bsc#1030057).\n\n - pci: Work around Intel Sunrise Point PCH incorrect ACS\n capability (bsc#1030057).\n\n - perf/x86/intel/uncore: Remove SBOX support for Broadwell\n server (bsc#1035887).\n\n - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable\n queue).\n\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in\n zap_pid_ns_processes (bnc#1012985).\n\n - PKCS#7: fix missing break on OID_sha224 case\n (bsc#1031717).\n\n - platform/x86: fujitsu-laptop: use\n brightness_set_blocking for LED-setting callbacks\n (bsc#1031717).\n\n - PM / wakeirq: Enable dedicated wakeirq for suspend\n (bsc#1031717).\n\n - PM / wakeirq: Fix spurious wake-up events for dedicated\n wakeirqs (bsc#1031717).\n\n - PM / wakeirq: report a wakeup_event on dedicated wekup\n irq (bsc#1031717).\n\n - power: bq27xxx: fix register numbers of bq27500\n (bsc#1031717).\n\n - powerpc: Create a helper for getting the kernel toc\n value (FATE#322421).\n\n - powerpc/ftrace: Add Kconfig & Make glue for\n mprofile-kernel (FATE#322421).\n\n - powerpc/ftrace: Add support for -mprofile-kernel ftrace\n ABI (FATE#322421).\n\n - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling\n ftrace (FATE#322421).\n\n - powerpc/ftrace: Use generic ftrace_modify_all_code()\n (FATE#322421).\n\n - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag\n (FATE#322421).\n\n - powerpc/livepatch: Add livepatch header (FATE#322421).\n\n - powerpc/livepatch: Add live patching support on ppc64le\n (FATE#322421).\n\n - powerpc/livepatch: Add livepatch stack to struct\n thread_info (FATE#322421).\n\n - powerpc/module: Create a special stub for\n ftrace_caller() (FATE#322421).\n\n - powerpc/module: Mark module stubs with a magic value\n (FATE#322421).\n\n - powerpc/module: Only try to generate the ftrace_caller()\n stub once (FATE#322421).\n\n - powerpc/modules: Never restore r2 for a mprofile-kernel\n style mcount() call (FATE#322421).\n\n - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68\n stable queue).\n\n - power: supply: bq24190_charger: Call\n power_supply_changed() for relevant component (4.4.68\n stable queue).\n\n - power: supply: bq24190_charger: Call set_mode_host() on\n pm_resume() (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Do not read fault\n register outside irq_handle_thread() (4.4.68 stable\n queue).\n\n - power: supply: bq24190_charger: Fix irq trigger to\n IRQF_TRIGGER_FALLING (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Handle fault before\n status on interrupt (4.4.68 stable queue).\n\n - power: supply: bq24190_charger: Install\n irq_handler_thread() at end of probe() (4.4.68 stable\n queue).\n\n - ppc64le: Update ppc64le config files to use KGRAFT.\n\n - printk: Switch to the sync mode when an emergency\n message is printed (bsc#1034995).\n\n - RDMA/iw_cxgb4: Add missing error codes for act open cmd\n (bsc#1026570).\n\n - RDMA/iw_cxgb4: Low resource fixes for Completion queue\n (bsc#1026570).\n\n - RDMA/iw_cxgb4: only read markers_enabled mod param once\n (bsc#1026570).\n\n - regulator: isl9305: fix array size (bsc#1031717).\n\n - Revert 'acpi, nfit, libnvdimm: fix interleave set cookie\n calculation (64-bit comparison)' (kabi).\n\n - Revert 'KVM: nested VMX: disable perf cpuid reporting'\n (4.4.68 stable queue).\n\n - Revert 'l2tp: take reference on sessions being dumped'\n (kabi).\n\n - Revert 'mac80211: pass block ack session timeout to to\n driver' (kabi).\n\n - Revert 'mac80211: RX BA support for sta\n max_rx_aggregation_subframes' (kabi).\n\n - Revert 'wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event'\n (kabi).\n\n - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the\n certificate (bsc#1035922)\n\n - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string\n (4.4.68 stable queue).\n\n - s390/dasd: check if query host access feature is\n supported (bsc#1037871).\n\n - scsi: be2iscsi: Add FUNCTION_RESET during driver unload\n (bsc#1038458).\n\n - scsi: be2iscsi: Add IOCTL to check UER supported\n (bsc#1038458).\n\n - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458).\n\n - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL\n (bsc#1038458).\n\n - scsi: be2iscsi: allocate enough memory in\n beiscsi_boot_get_sinfo() (bsc#1038458).\n\n - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL\n (bsc#1038458).\n\n - scsi: be2iscsi: Fail the sessions immediately after TPE\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix async PDU handling path\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458).\n\n - scsi: be2iscsi: Fix checks for HBA in error state\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix POST check and reset sequence\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix queue and connection parameters\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix release of DHCP IP in static mode\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix to add timer for UE detection\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix to make boot discovery non-blocking\n (bsc#1038458).\n\n - scsi: be2iscsi: Fix to use correct configuration values\n (bsc#1038458).\n\n - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param\n (bsc#1038458).\n\n - scsi: be2iscsi: Move functions to right files\n (bsc#1038458).\n\n - scsi: be2iscsi: Move VLAN code to common iface_set_param\n (bsc#1038458).\n\n - scsi: be2iscsi: Reduce driver load/unload time\n (bsc#1038458).\n\n - scsi: be2iscsi: Remove alloc_mcc_tag &\n beiscsi_pci_soft_reset (bsc#1038458).\n\n - scsi: be2iscsi: Remove isr_lock and dead code\n (bsc#1038458).\n\n - scsi: be2iscsi: Rename iface get/set/create/destroy APIs\n (bsc#1038458).\n\n - scsi: be2iscsi: Replace _bh version for mcc_lock\n spinlock (bsc#1038458).\n\n - scsi: be2iscsi: Set and return right iface v4/v6 states\n (bsc#1038458).\n\n - scsi: be2iscsi: Update copyright information\n (bsc#1038458).\n\n - scsi: be2iscsi: Update iface handle before any set param\n (bsc#1038458).\n\n - scsi: be2iscsi: Update the driver version (bsc#1038458).\n\n - scsi: cxgb4i: libcxgbi: add missing module_put()\n (bsc#1018885).\n\n - scsi: cxlflash: Remove the device cleanly in the system\n shutdown path (bsc#1028310, fate#321597, bsc#1034762).\n cherry-pick from SP3\n\n - scsi_dh_alua: do not call BUG_ON when updating port\n group (bsc#1028340).\n\n - scsi_dh_alua: Do not retry for unmapped device\n (bsc#1012910).\n\n - scsi: fnic: Correcting rport check location in\n fnic_queuecommand_lck (bsc#1035920).\n\n - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m\n (4.4.68 stable queue).\n\n - scsi: scsi_dh_alua: Check scsi_device_get() return value\n (bsc#1040125).\n\n - scsi: scsi_dh_emc: return success in\n clariion_std_inquiry() (4.4.68 stable queue).\n\n - serial: 8250_omap: Fix probe and remove for PM runtime\n (4.4.68 stable queue).\n\n - staging: emxx_udc: remove incorrect __init annotations\n (4.4.68 stable queue).\n\n - staging: rtl8188eu: prevent an underflow in\n rtw_check_beacon_data() (bsc#1031717).\n\n - staging: wlan-ng: add missing byte order conversion\n (4.4.68 stable queue).\n\n - sunrpc: Allow xprt->ops->timer method to sleep\n (git-fixes).\n\n - sunrpc: fix UDP memory accounting (git-fixes).\n\n - tcp: do not inherit fastopen_req from parent (4.4.68\n stable queue).\n\n - tcp: do not underestimate skb->truesize in\n tcp_trim_head() (4.4.68 stable queue).\n\n - tcp: fix wraparound issue in tcp_lp (4.4.68 stable\n queue).\n\n - tracing/kprobes: Enforce kprobes teardown after testing\n (bnc#1012985).\n\n - usb: chipidea: Handle extcon events properly (4.4.68\n stable queue).\n\n - usb: chipidea: Only read/write OTGSC from one place\n (4.4.68 stable queue).\n\n - usb: host: ehci-exynos: Decrese node refcount on\n exynos_ehci_get_phy() error paths (4.4.68 stable queue).\n\n - usb: host: ohci-exynos: Decrese node refcount on\n exynos_ehci_get_phy() error paths (4.4.68 stable queue).\n\n - usb: musb: ux500: Fix NULL pointer dereference at system\n PM (bsc#1038033).\n\n - usb: serial: ark3116: fix open error handling\n (bnc#1038043).\n\n - usb: serial: ch341: add register and USB request\n definitions (bnc#1038043).\n\n - usb: serial: ch341: add support for parity, frame\n length, stop bits (bnc#1038043).\n\n - usb: serial: ch341: fix baud rate and line-control\n handling (bnc#1038043).\n\n - usb: serial: ch341: fix line settings after reset-resume\n (bnc#1038043).\n\n - usb: serial: ch341: fix modem-status handling\n (bnc#1038043).\n\n - usb: serial: ch341: reinitialize chip on reconfiguration\n (bnc#1038043).\n\n - usb: serial: digi_acceleport: fix incomplete rx sanity\n check (4.4.68 stable queue).\n\n - usb: serial: fix compare_const_fl.cocci warnings\n (bnc#1038043).\n\n - usb: serial: ftdi_sio: fix latency-timer error handling\n (4.4.68 stable queue).\n\n - usb: serial: io_edgeport: fix descriptor error handling\n (4.4.68 stable queue).\n\n - usb: serial: io_edgeport: fix epic-descriptor handling\n (bnc#1038043).\n\n - usb: serial: keyspan_pda: fix receive sanity checks\n (4.4.68 stable queue).\n\n - usb: serial: mct_u232: fix modem-status error handling\n (4.4.68 stable queue).\n\n - usb: serial: quatech2: fix control-message error\n handling (bnc#1038043).\n\n - usb: serial: sierra: fix bogus alternate-setting\n assumption (bnc#1038043).\n\n - usb: serial: ssu100: fix control-message error handling\n (bnc#1038043).\n\n - usb: serial: ti_usb_3410_5052: fix control-message error\n handling (4.4.68 stable queue).\n\n - Use make --output-sync feature when available\n (bsc#1012422). The mesages in make output can interleave\n making it impossible to extract warnings reliably. Since\n version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing\n this issue. Detect the flag and use it if available.\n\n - Use up spare in struct module for livepatch\n (FATE#322421).\n\n - vsock: Detach QP check should filter out non matching\n QPs (bsc#1036752).\n\n - x86/ioapic: Restore IO-APIC irq_chip retrigger callback\n (4.4.68 stable queue).\n\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned\n expression >= 0 (4.4.68 stable queue).\n\n - x86/platform/intel-mid: Correct MSI IRQ line for\n watchdog device (4.4.68 stable queue).\n\n - x86/platform/uv/BAU: Add generic function pointers\n (bsc#1035024).\n\n - x86/platform/uv/BAU: Add payload descriptor qualifier\n (bsc#1035024).\n\n - x86/platform/uv/BAU: Add status mmr location fields to\n bau_control (bsc#1035024).\n\n - x86/platform/uv/BAU: Add UV4-specific functions\n (bsc#1035024).\n\n - x86/platform/uv/BAU: Add uv_bau_version enumerated\n constants (bsc#1035024).\n\n - x86/platform/uv/BAU: Add wait_completion to\n bau_operations (bsc#1035024).\n\n - x86/platform/uv/BAU: Clean up and update printks\n (bsc#1035024).\n\n - x86/platform/uv/BAU: Cleanup bau_operations declaration\n and instances (bsc#1035024).\n\n - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024).\n\n - x86/platform/uv/BAU: Clean up vertical alignment\n (bsc#1035024).\n\n - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to\n uv_gpa_to_offset() (bsc#1035024).\n\n - x86/platform/uv/BAU: Disable software timeout on UV4\n hardware (bsc#1035024).\n\n - x86/platform/uv/BAU: Fix HUB errors by remove initial\n write to sw-ack register (bsc#1035024).\n\n - x86/platform/uv/BAU: Fix payload queue setup on UV4\n hardware (bsc#1035024).\n\n - x86/platform/uv/BAU: Implement uv4_wait_completion with\n read_status (bsc#1035024).\n\n - x86/platform/uv/BAU: Populate ->uvhub_version with UV4\n version information (bsc#1035024).\n\n - x86/platform/uv/BAU: Use generic function pointers\n (bsc#1035024).\n\n - xen: adjust early dom0 p2m handling to xen hypervisor\n behavior (bnc#1031470).\n\n - xfs: do not assert fail on non-async buffers on ioacct\n decrement (bsc#1041160).\n\n - xfs: fix eofblocks race with file extending async dio\n writes (bsc#1040929).\n\n - xfs: Fix missed holes in SEEK_HOLE implementation\n (bsc#1041168).\n\n - xfs: fix off-by-one on max nr_pages in\n xfs_find_get_desired_pgoff() (bsc#1041168).\n\n - xfs: in _attrlist_by_handle, copy the cursor back to\n userspace (bsc#1041242).\n\n - xfs: only return -errno or success from attr\n ->put_listent (bsc#1041242).\n\n - xfs: Split default quota limits by quota type\n (bsc#1040941).\n\n - xfs: use ->b_state to fix buffer I/O accounting release\n race (bsc#1041160).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1041087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1041160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1041168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1041242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989311\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.70-18.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.70-18.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.70-18.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.70-18.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:59", "description": "USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3344-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3344-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101154);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3344-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3328-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3344-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3344-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1018-gke\", pkgver:\"4.4.0-1018.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1022-aws\", pkgver:\"4.4.0-1022.31\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1061-raspi2\", pkgver:\"4.4.0-1061.69\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1063-snapdragon\", pkgver:\"4.4.0-1063.68\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-generic\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-generic-lpae\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-lowlatency\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1022.25\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.4.0.1018.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1061.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1063.56\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:08:44", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. (CVE-2012-6701)\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142)\n\n - A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480)\n\n - It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.\n (CVE-2016-7042)\n\n - It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097)\n\n - A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399)\n\n - A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650)\n\n - Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-0861)\n\n - A race condition issue was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this to waste resources in the kernel's ring buffer or possibly cause an out-of-bounds read on the heap leading to a system crash. (CVE-2017-1000111)\n\n - A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system.\n (CVE-2017-11176)\n\n - It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page.\n bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n (CVE-2017-12190)\n\n - A divide-by-zero vulnerability was found in the\n __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106)\n\n - A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. (CVE-2017-15121)\n\n - A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation. (CVE-2017-15265)\n\n - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker. (CVE-2017-18203)\n\n - A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.\n (CVE-2017-2671)\n\n - It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context. (CVE-2017-6001)\n\n - A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.\n (CVE-2017-6214)\n\n - Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541)\n\n - An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542)\n\n - Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. (CVE-2017-7889)\n\n - The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074)\n\n - In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2018-1000004)\n\n - A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\n - Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub- operations. These sub-operations allow the processor to hand-off address generation logic into these sub- operations for optimized writes. Both of these sub- operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n - Microprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side- channel. (CVE-2018-12127)\n\n - A flaw was found in the implementation of the fill buffer, a mechanism used by modern CPUs when a cache- miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. (CVE-2018-13405)\n\n - A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the Lazy FPU Restore scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year. (CVE-2018-3665)\n\n - An error in the _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. (CVE-2018-5803)\n\n - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access. (CVE-2018-7566)\n\n - Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0152)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-10142", "CVE-2016-6480", "CVE-2016-6786", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-8650", "CVE-2017-0861", "CVE-2017-1000111", "CVE-2017-11176", "CVE-2017-12190", "CVE-2017-14106", "CVE-2017-15121", "CVE-2017-15265", "CVE-2017-18203", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-6214", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-9074", "CVE-2018-1000004", "CVE-2018-1130", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-13405", "CVE-2018-3665", "CVE-2018-5803", "CVE-2018-7566", "CVE-2019-11091"], "modified": "2022-12-06T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0152_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/127425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0152. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127425);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2012-6701\",\n \"CVE-2015-8830\",\n \"CVE-2016-6480\",\n \"CVE-2016-7042\",\n \"CVE-2016-7097\",\n \"CVE-2016-8399\",\n \"CVE-2016-8650\",\n \"CVE-2016-10142\",\n \"CVE-2017-0861\",\n \"CVE-2017-2671\",\n \"CVE-2017-6001\",\n \"CVE-2017-6214\",\n \"CVE-2017-7541\",\n \"CVE-2017-7542\",\n \"CVE-2017-7616\",\n \"CVE-2017-7889\",\n \"CVE-2017-9074\",\n \"CVE-2017-11176\",\n \"CVE-2017-12190\",\n \"CVE-2017-14106\",\n \"CVE-2017-15121\",\n \"CVE-2017-15265\",\n \"CVE-2017-18203\",\n \"CVE-2017-1000111\",\n \"CVE-2018-1130\",\n \"CVE-2018-3665\",\n \"CVE-2018-5803\",\n \"CVE-2018-7566\",\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2018-13405\",\n \"CVE-2018-1000004\",\n \"CVE-2019-11091\"\n );\n script_bugtraq_id(102329, 106503);\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0324\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0152)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - It was found that AIO interface didn't use the proper\n rw_verify_area() helper function with extended\n functionality, for example, mandatory locking on the\n file. Also rw_verify_area() makes extended checks, for\n example, that the size of the access doesn't cause\n overflow of the provided offset limits. This integer\n overflow in fs/aio.c in the Linux kernel before 3.4.1\n allows local users to cause a denial of service or\n possibly have unspecified other impact via a large AIO\n iovec. (CVE-2012-6701)\n\n - Integer overflow in the aio_setup_single_vector function\n in fs/aio.c in the Linux kernel 4.0 allows local users\n to cause a denial of service or possibly have\n unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701\n regression. (CVE-2015-8830)\n\n - It was discovered that a remote attacker could leverage\n the generation of IPv6 atomic fragments to trigger the\n use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is\n not needed) and could subsequently perform any type of a\n fragmentation-based attack against legacy IPv6 nodes\n that do not implement RFC6946. (CVE-2016-10142)\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation. A\n local attacker could use this flaw to cause a denial of\n service (out-of-bounds access or system crash) by\n changing a certain size value. (CVE-2016-6480)\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a panic\n in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as weeks.\n (CVE-2016-7042)\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but doesn't\n clear the setgid bit in a similar way. This could allow\n a local user to gain group privileges via certain setgid\n applications. (CVE-2016-7097)\n\n - A flaw was found in the Linux networking subsystem where\n a local attacker with CAP_NET_ADMIN capabilities could\n cause an out-of-bounds memory access by creating a\n smaller-than-expected ICMP header and sending to its\n destination via sendto(). (CVE-2016-8399)\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted RSA\n key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - Use-after-free vulnerability in the snd_pcm_info()\n function in the ALSA subsystem in the Linux kernel\n allows attackers to induce a kernel memory corruption\n and possibly crash or lock up a system. Due to the\n nature of the flaw, a privilege escalation cannot be\n fully ruled out, although we believe it is unlikely.\n (CVE-2017-0861)\n\n - A race condition issue was found in the way the raw\n packet socket implementation in the Linux kernel\n networking subsystem handled synchronization. A local\n user able to open a raw packet socket (requires the\n CAP_NET_RAW capability) could use this to waste\n resources in the kernel's ring buffer or possibly cause\n an out-of-bounds read on the heap leading to a system\n crash. (CVE-2017-1000111)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the system.\n (CVE-2017-11176)\n\n - It was found that in the Linux kernel through v4.14-rc5,\n bio_map_user_iov() and bio_unmap_user() in 'block/bio.c'\n do unbalanced pages refcounting if IO vector has small\n consecutive buffers belonging to the same page.\n bio_add_pc_page() merges them into one, but the page\n reference is never dropped, causing a memory leak and\n possible system lockup due to out-of-memory condition.\n (CVE-2017-12190)\n\n - A divide-by-zero vulnerability was found in the\n __tcp_select_window function in the Linux kernel. This\n can result in a kernel panic causing a local denial of\n service. (CVE-2017-14106)\n\n - A non-privileged user is able to mount a fuse filesystem\n on RHEL 6 or 7 and crash a system if an application\n punches a hole in a file that does not end aligned to a\n page boundary. (CVE-2017-15121)\n\n - A use-after-free vulnerability was found when issuing an\n ioctl to a sound device. This could allow a user to\n exploit a race condition and create memory corruption or\n possibly privilege escalation. (CVE-2017-15265)\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with CAP_SYS_ADMIN\n capability) can directly perform the ioctl operations\n for dm device creation and removal and this would\n typically be outside the direct control of the\n unprivileged attacker. (CVE-2017-18203)\n\n - A race condition leading to a NULL pointer dereference\n was found in the Linux kernel's Link Layer Control\n implementation. A local attacker with access to ping\n sockets could use this flaw to crash the system.\n (CVE-2017-2671)\n\n - It was found that the original fix for CVE-2016-6786 was\n incomplete. There exist a race between two concurrent\n sys_perf_event_open() calls when both try and move the\n same pre-existing software group into a hardware\n context. (CVE-2017-6001)\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality could allow\n a remote attacker to force the kernel to enter a\n condition in which it could loop indefinitely.\n (CVE-2017-6214)\n\n - Kernel memory corruption due to a buffer overflow was\n found in brcmf_cfg80211_mgmt_tx() function in Linux\n kernels from v3.9-rc1 to v4.13-rc1. The vulnerability\n can be triggered by sending a crafted NL80211_CMD_FRAME\n packet via netlink. This flaw is unlikely to be\n triggered remotely as certain userspace code is needed\n for this. An unprivileged local user could use this flaw\n to induce kernel memory corruption on the system,\n leading to a crash. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n it is unlikely. (CVE-2017-7541)\n\n - An integer overflow vulnerability in\n ip6_find_1stfragopt() function was found. A local\n attacker that has privileges (of CAP_NET_RAW) to open\n raw socket can cause an infinite loop inside the\n ip6_find_1stfragopt() function. (CVE-2017-7542)\n\n - Incorrect error handling in the set_mempolicy() and\n mbind() compat syscalls in 'mm/mempolicy.c' in the Linux\n kernel allows local users to obtain sensitive\n information from uninitialized stack data by triggering\n failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The mm subsystem in the Linux kernel through 4.10.10\n does not properly enforce the CONFIG_STRICT_DEVMEM\n protection mechanism, which allows local users to read\n or write to kernel memory locations in the first\n megabyte (and bypass slab-allocation access\n restrictions) via an application that opens the /dev/mem\n file, related to arch/x86/mm/init.c and\n drivers/char/mem.c. (CVE-2017-7889)\n\n - The IPv6 fragmentation implementation in the Linux\n kernel does not consider that the nexthdr field may be\n associated with an invalid option, which allows local\n users to cause a denial of service (out-of-bounds read\n and BUG) or possibly have unspecified other impact via\n crafted socket and send system calls. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out, although we believe it is unlikely. (CVE-2017-9074)\n\n - In the Linux kernel versions 4.12, 3.10, 2.6, and\n possibly earlier, a race condition vulnerability exists\n in the sound system allowing for a potential deadlock\n and memory corruption due to use-after-free condition\n and thus denial of service. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely. (CVE-2018-1000004)\n\n - A null pointer dereference in dccp_write_xmit() function\n in net/dccp/output.c in the Linux kernel allows a local\n user to cause a denial of service by a number of certain\n crafted system calls. (CVE-2018-1130)\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data) sub-\n operations. These sub-operations allow the processor to\n hand-off address generation logic into these sub-\n operations for optimized writes. Both of these sub-\n operations write to a shared distributed processor\n structure called the 'processor store buffer'. As a\n result, an unprivileged attacker could use this flaw to\n read private data resident within the CPU's processor\n store buffer. (CVE-2018-12126)\n\n - Microprocessors use a load port subcomponent to\n perform load operations from memory or IO. During a load\n operation, the load port receives data from the memory\n or IO subsystem and then provides the data to the CPU\n registers and operations in the CPUs pipelines. Stale\n load operations results are stored in the 'load port'\n table until overwritten by newer operations. Certain\n load-port operations triggered by an attacker can be\n used to reveal data about previous stale requests\n leaking data back to the attacker via a timing side-\n channel. (CVE-2018-12127)\n\n - A flaw was found in the implementation of the fill\n buffer, a mechanism used by modern CPUs when a cache-\n miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time can\n be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - A vulnerability was found in the\n fs/inode.c:inode_init_owner() function logic of the\n LInux kernel that allows local users to create files\n with an unintended group ownership and with group\n execution and SGID permission bits set, in a scenario\n where a directory is SGID and belongs to a certain group\n and is writable by a user who is not a member of this\n group. This can lead to excessive permissions granted in\n case when they should not. (CVE-2018-13405)\n\n - A Floating Point Unit (FPU) state information leakage\n flaw was found in the way the Linux kernel saved and\n restored the FPU state during task switch. Linux kernels\n that follow the Lazy FPU Restore scheme are vulnerable\n to the FPU state information leakage issue. An\n unprivileged local attacker could use this flaw to read\n FPU state bits by conducting targeted cache side-channel\n attacks, similar to the Meltdown vulnerability disclosed\n earlier this year. (CVE-2018-3665)\n\n - An error in the _sctp_make_chunk() function\n (net/sctp/sm_make_chunk.c) when handling SCTP, packet\n length can be exploited by a malicious local user to\n cause a kernel crash and a DoS. (CVE-2018-5803)\n\n - ALSA sequencer core initializes the event pool on demand\n by invoking snd_seq_pool_init() when the first write\n happens and the pool is empty. A user can reset the pool\n size manually via ioctl concurrently, and this may lead\n to UAF or out-of-bound access. (CVE-2018-7566)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6001\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-7566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"kernel-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-abi-whitelists-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-debug-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-debug-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-debug-devel-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-devel-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-doc-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-firmware-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"kernel-headers-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"perf-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"python-perf-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\",\n \"python-perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.129.gee87030\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:55", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3325-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3325-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100923);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3325-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3325-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.10-raspi2 and / or\nlinux-image-raspi2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3325-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1008-raspi2\", pkgver:\"4.10.0-1008.11\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1008.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:03", "description": "Infinite recursion in ahash.c by triggering EBUSY on a full queue :\n\nA vulnerability was found in crypto/ahash.c in the Linux kernel which allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.(CVE-2017-7618)\n\nTime subsystem allows local users to discover real PID values :\n\nThe time subsystem in the Linux kernel, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967)\n\nStack-based buffer overflow in sg_ioctl function :\n\nThe sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\nIncorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c :\n\nIncorrect error handling in the set_mempolicy() and mbind() compat syscalls in mm/mempolicy.c; in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\nRace condition in Link Layer Control :\n\nA race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.\n(CVE-2017-2671)\n\nOverflow in check for priv area size :\n\nIt was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system.\nDue to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-7308)", "cvss3": {}, "published": "2017-05-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-828)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2671", "CVE-2017-5967", "CVE-2017-7187", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7618"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-828.NASL", "href": "https://www.tenable.com/plugins/nessus/100106", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-828.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100106);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-2671\", \"CVE-2017-5967\", \"CVE-2017-7187\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n script_xref(name:\"ALAS\", value:\"2017-828\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-828)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Infinite recursion in ahash.c by triggering EBUSY on a full queue :\n\nA vulnerability was found in crypto/ahash.c in the Linux kernel which\nallows attackers to cause a denial of service (API operation calling\nits own callback, and infinite recursion) by triggering EBUSY on a\nfull queue.(CVE-2017-7618)\n\nTime subsystem allows local users to discover real PID values :\n\nThe time subsystem in the Linux kernel, when CONFIG_TIMER_STATS is\nenabled, allows local users to discover real PID values (as\ndistinguished from PID values inside a PID namespace) by reading the\n/proc/timer_list file, related to the print_timer function in\nkernel/time/timer_list.c and the __timer_stats_timer_set_start_info\nfunction in kernel/time/timer.c.(CVE-2017-5967)\n\nStack-based buffer overflow in sg_ioctl function :\n\nThe sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows\nlocal users to cause a denial of service (stack-based buffer overflow)\nor possibly have unspecified other impacts via a large command size in\nan SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access\nin the sg_write function. (CVE-2017-7187)\n\nIncorrect error handling in the set_mempolicy and mbind compat\nsyscalls in mm/mempolicy.c :\n\nIncorrect error handling in the set_mempolicy() and mbind() compat\nsyscalls in mm/mempolicy.c; in the Linux kernel allows local users to\nobtain sensitive information from uninitialized stack data by\ntriggering failure of a certain bitmap operation. (CVE-2017-7616)\n\nRace condition in Link Layer Control :\n\nA race condition leading to a NULL pointer dereference was found in\nthe Linux kernel's Link Layer Control implementation. A local attacker\nwith access to ping sockets could use this flaw to crash the system.\n(CVE-2017-2671)\n\nOverflow in check for priv area size :\n\nIt was found that the packet_set_ring() function of the Linux kernel's\nnetworking implementation did not properly validate certain block-size\ndata. A local attacker with CAP_NET_RAW capability could use this flaw\nto trigger a buffer overflow, resulting in the crash of the system.\nDue to the nature of the flaw, privilege escalation cannot be fully\nruled out, although we believe it is unlikely. (CVE-2017-7308)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-828.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.27-14.31.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:28", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3329-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3329-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100927);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3329-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3329-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.4-gke package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3329-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1016-gke\", pkgver:\"4.4.0-1016.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-gke\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:47", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3330-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3330-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100928);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3330-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3330-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-snapdragon and / or\nlinux-image-snapdragon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3330-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1061-snapdragon\", pkgver:\"4.4.0-1061.66\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1061.54\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-snapdragon / linux-image-snapdragon\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:16", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3328-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3328-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100926);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3328-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3328-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3328-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-generic\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-generic-lpae\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-lowlatency\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:21", "description": "The 4.10.10 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-18T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2017-26c9ecd7a4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7618"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-26C9ECD7A4.NASL", "href": "https://www.tenable.com/plugins/nessus/99423", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-26c9ecd7a4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99423);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n script_xref(name:\"FEDORA\", value:\"2017-26c9ecd7a4\");\n\n script_name(english:\"Fedora 25 : kernel (2017-26c9ecd7a4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.10.10 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-26c9ecd7a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-26c9ecd7a4\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.10.10-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:15", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3324-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3324-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100922);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3324-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3324-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3324-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-generic\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-generic-lpae\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-lowlatency\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.10.0.24.26\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:54", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100932", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3334-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100932);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3334-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3334-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3334-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-generic\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-generic-lpae\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-lowlatency\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:20", "description": "USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.\n\nUSN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3343-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-7294", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-3343-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3343-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101153);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3343-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3343-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 ESM.\n\nUSN 3335-2 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core\nvoltage regulator driver of the Linux kernel. A local attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages. Note that the updated packages may not\nbe immediately available from the package repository or its mirrors.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-123-generic\", pkgver:\"3.13.0-123.172~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-123-generic-lpae\", pkgver:\"3.13.0-123.172~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lpae-lts-trusty\", pkgver:\"3.13.0.123.114\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lts-trusty\", pkgver:\"3.13.0.123.114\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:45", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3331-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3331-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100929);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3331-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3331-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.4-aws package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3331-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1020-aws\", pkgver:\"4.4.0-1020.29\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:39", "description": "The 4.10.10 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-18T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2017-8e7549fb91)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7618"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-8E7549FB91.NASL", "href": "https://www.tenable.com/plugins/nessus/99424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-8e7549fb91.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99424);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n script_xref(name:\"FEDORA\", value:\"2017-8e7549fb91\");\n\n script_name(english:\"Fedora 24 : kernel (2017-8e7549fb91)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.10.10 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8e7549fb91\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-8e7549fb91\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.10.10-100.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:08", "description": "USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3343-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-7294", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3343-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3343-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101152);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3343-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3343-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3335-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core\nvoltage regulator driver of the Linux kernel. A local attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3343-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3343-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-generic\", pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-generic-lpae\", pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-lowlatency\", pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.123.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.123.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.123.133\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:09", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3332-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3332-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100930);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3332-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3332-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3332-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1059-raspi2\", pkgver:\"4.4.0-1059.67\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1059.60\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:45", "description": "It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe, linux-meta-hwe vulnerabilities (USN-3333-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-5577", "CVE-2017-7374", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3333-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100931", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3333-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100931);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-5577\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3333-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe, linux-meta-hwe vulnerabilities (USN-3333-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nIt was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux\nkernel did not return an error after detecting certain overflows. A\nlocal attacker could exploit this issue to cause a denial of service\n(OOPS). (CVE-2017-5577)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3333-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-5577\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3333-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-56-generic\", pkgver:\"4.8.0-56.61~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-56-generic-lpae\", pkgver:\"4.8.0-56.61~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-56-lowlatency\", pkgver:\"4.8.0-56.61~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.8.0.56.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.8.0.56.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.8.0.56.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.8.0.56.27\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:53", "description": "It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-5577", "CVE-2017-7374", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3326-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100924", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3326-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100924);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-5577\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3326-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nIt was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux\nkernel did not return an error after detecting certain overflows. A\nlocal attacker could exploit this issue to cause a denial of service\n(OOPS). (CVE-2017-5577)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3326-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-5577\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3326-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-56-generic\", pkgver:\"4.8.0-56.61\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-56-generic-lpae\", pkgver:\"4.8.0-56.61\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-56-lowlatency\", pkgver:\"4.8.0-56.61\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.56.69\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.56.69\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.56.69\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-virtual\", pkgver:\"4.8.0.56.69\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:34", "description": "USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3342-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-5577", "CVE-2017-7294", "CVE-2017-7374", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3342-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3342-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101150);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-5577\", \"CVE-2017-7294\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3342-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3342-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3326-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux\nkernel did not return an error after detecting certain overflows. A\nlocal attacker could exploit this issue to cause a denial of service\n(OOPS). (CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3342-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-5577\", \"CVE-2017-7294\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3342-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1042-raspi2\", pkgver:\"4.8.0-1042.46\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-58-generic\", pkgver:\"4.8.0-58.63\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-58-generic-lpae\", pkgver:\"4.8.0-58.63\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-58-lowlatency\", pkgver:\"4.8.0-58.63\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.58.71\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.58.71\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.58.71\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1042.46\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-virtual\", pkgver:\"4.8.0.58.71\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:54", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nIt was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux, linux-meta vulnerabilities (USN-3335-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7294", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-saucy", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-quantal", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-raring", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-saucy", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3335-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3335-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100933);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3335-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux, linux-meta vulnerabilities (USN-3335-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nIt was discovered that a use-after-free vulnerability in the core\nvoltage regulator driver of the Linux kernel. A local attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3335-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-saucy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-quantal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-raring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-saucy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3335-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-121-generic\", pkgver:\"3.13.0-121.170\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-121-generic-lpae\", pkgver:\"3.13.0-121.170\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-121-lowlatency\", pkgver:\"3.13.0-121.170\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-saucy\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-trusty\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-quantal\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-raring\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-saucy\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-trusty\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-pae\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-highbank\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-pae\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-virtual\", pkgver:\"3.13.0.121.131\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:15", "description": "It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3327-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-5577", "CVE-2017-7374", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3327-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100925", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3327-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100925);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-5577\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3327-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3327-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nIt was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux\nkernel did not return an error after detecting certain overflows. A\nlocal attacker could exploit this issue to cause a denial of service\n(OOPS). (CVE-2017-5577)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3327-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.8-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-5577\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3327-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1040-raspi2\", pkgver:\"4.8.0-1040.44\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1040.44\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:06", "description": "USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.\n\nUSN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3342-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-5577", "CVE-2017-7294", "CVE-2017-7374", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-
(RHSA-2018:1854) Important: kernel security and bug fix update
