The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)
* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)
* Kernel: page cache side channel attacks (CVE-2019-5489)
* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)
* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
* kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)
* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)
* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)
* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
* kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)
* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)
* kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)
* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)
* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)
* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)
* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)
* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)
* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)
* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)
* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
{"nessus": [{"lastseen": "2023-05-25T14:31:12", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)\n\n* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)\n\n* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n* kernel: NULL pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\n* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2019:3309)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-13233", "CVE-2019-14821", "CVE-2019-15666", "CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3309.NASL", "href": "https://www.tenable.com/plugins/nessus/130526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3309. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130526);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-16884\",\n \"CVE-2018-19854\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-10126\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-11599\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-13233\",\n \"CVE-2019-14821\",\n \"CVE-2019-15666\",\n \"CVE-2019-15916\",\n \"CVE-2019-15921\",\n \"CVE-2019-15924\",\n \"CVE-2019-16994\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3874\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-7222\",\n \"CVE-2019-9506\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3309\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2019:3309)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to\nDoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: Information Disclosure in crypto_report_one in\ncrypto/crypto_user.c (CVE-2018-19854)\n\n* kernel: usb: missing size check in the __usb_get_extra_descriptor()\nleading to DoS (CVE-2018-20169)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT\n(CVE-2019-3459)\n\n* kernel: Heap address information leak while using\nL2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: SCTP socket buffer memory leak leading to denial of service\n(CVE-2019-3874)\n\n* kernel: denial of service vector through vfio DMA mappings\n(CVE-2019-3882)\n\n* kernel: NULL pointer dereference in hci_uart_set_flow_control\n(CVE-2019-10207)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm()\nand core dumping (CVE-2019-11599)\n\n* kernel: fs/ext4/extents.c leads to information disclosure\n(CVE-2019-11833)\n\n* kernel: sensitive information disclosure from kernel stack memory\nvia HIDPCONNADD command (CVE-2019-11884)\n\n* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n* kernel: memory leak in register_queue_kobjects() in\nnet/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c\n(CVE-2018-19985)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest\n(CVE-2019-7222)\n\n* Kernel: net: weak IP ID generation leads to remote device tracking\n(CVE-2019-10638)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?774148ae\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-19854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-19985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-20169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-7222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-13233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-16994\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-16884\", \"CVE-2018-19854\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2019-10126\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-13233\", \"CVE-2019-14821\", \"CVE-2019-15666\", \"CVE-2019-15916\", \"CVE-2019-15921\", \"CVE-2019-15924\", \"CVE-2019-16994\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3900\", \"CVE-2019-5489\", \"CVE-2019-7222\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3309\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3309\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-core-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-core-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-modules-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-modules-extra-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-modules-4.18.0-147.rt24.93.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-modules-extra-4.18.0-147.rt24.93.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:41", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3517 advisory.\n\n - kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593)\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)\n\n - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\n - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648)\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: out-of-bounds array access in __xfrm_policy_unlink (CVE-2019-15666)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: memory leak in genl_register_family() in net/netlink/genetlink.c (CVE-2019-15921)\n\n - kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c (CVE-2019-15924)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n - kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)\n\n - kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n - Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n - kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2019:3517)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1593", "CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-13648", "CVE-2019-14821", "CVE-2019-15666", "CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506", "CVE-2020-10720"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2019-3517.NASL", "href": "https://www.tenable.com/plugins/nessus/145665", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3517. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145665);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1593\",\n \"CVE-2018-16884\",\n \"CVE-2018-19854\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3874\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-7222\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-11599\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-13233\",\n \"CVE-2019-13648\",\n \"CVE-2019-14821\",\n \"CVE-2019-15666\",\n \"CVE-2019-15916\",\n \"CVE-2019-15921\",\n \"CVE-2019-15924\",\n \"CVE-2019-16994\",\n \"CVE-2020-10720\"\n );\n script_bugtraq_id(\n 72607,\n 106148,\n 106253,\n 106478,\n 106565,\n 106963,\n 107488,\n 107528,\n 107782,\n 107910,\n 108076,\n 108113,\n 108299,\n 108372,\n 108474,\n 108817,\n 109055,\n 109092\n );\n script_xref(name:\"RHSA\", value:\"2019:3517\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2019:3517)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:3517 advisory.\n\n - kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593)\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)\n\n - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c\n (CVE-2019-10126)\n\n - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via\n sigreturn() system call (CVE-2019-13648)\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: out-of-bounds array access in __xfrm_policy_unlink (CVE-2019-15666)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: memory leak in genl_register_family() in net/netlink/genetlink.c (CVE-2019-15921)\n\n - kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c (CVE-2019-15924)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n - kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)\n\n - kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n - Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n - kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3517\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2015-1593', 'CVE-2018-16884', 'CVE-2018-19854', 'CVE-2018-19985', 'CVE-2018-20169', 'CVE-2019-3459', 'CVE-2019-3460', 'CVE-2019-3874', 'CVE-2019-3882', 'CVE-2019-3900', 'CVE-2019-5489', 'CVE-2019-7222', 'CVE-2019-9506', 'CVE-2019-10126', 'CVE-2019-10207', 'CVE-2019-10638', 'CVE-2019-11599', 'CVE-2019-11833', 'CVE-2019-11884', 'CVE-2019-12382', 'CVE-2019-13233', 'CVE-2019-13648', 'CVE-2019-14821', 'CVE-2019-15666', 'CVE-2019-15916', 'CVE-2019-15921', 'CVE-2019-15924', 'CVE-2019-16994', 'CVE-2020-10720');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2019:3517');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:24", "description": "An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)\n\n* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)\n\n* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n* kernel: NULL pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n* kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593)\n\n* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\n* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2019:3517)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1593", "CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-14821", "CVE-2019-15666", "CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506", "CVE-2020-11669"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3517.NASL", "href": "https://www.tenable.com/plugins/nessus/130547", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3517. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130547);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1593\",\n \"CVE-2018-16884\",\n \"CVE-2018-19854\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-10126\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-11599\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-13233\",\n \"CVE-2019-14821\",\n \"CVE-2019-15666\",\n \"CVE-2019-15916\",\n \"CVE-2019-15921\",\n \"CVE-2019-15924\",\n \"CVE-2019-16994\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3874\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-7222\",\n \"CVE-2019-9506\",\n \"CVE-2020-11669\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3517\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2019:3517)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to\nDoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: Information Disclosure in crypto_report_one in\ncrypto/crypto_user.c (CVE-2018-19854)\n\n* kernel: usb: missing size check in the __usb_get_extra_descriptor()\nleading to DoS (CVE-2018-20169)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT\n(CVE-2019-3459)\n\n* kernel: Heap address information leak while using\nL2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: SCTP socket buffer memory leak leading to denial of service\n(CVE-2019-3874)\n\n* kernel: denial of service vector through vfio DMA mappings\n(CVE-2019-3882)\n\n* kernel: NULL pointer dereference in hci_uart_set_flow_control\n(CVE-2019-10207)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm()\nand core dumping (CVE-2019-11599)\n\n* kernel: fs/ext4/extents.c leads to information disclosure\n(CVE-2019-11833)\n\n* kernel: sensitive information disclosure from kernel stack memory\nvia HIDPCONNADD command (CVE-2019-11884)\n\n* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n* kernel: memory leak in register_queue_kobjects() in\nnet/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n* kernel: Linux stack ASLR implementation Integer overflow\n(CVE-2015-1593)\n\n* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c\n(CVE-2018-19985)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest\n(CVE-2019-7222)\n\n* Kernel: net: weak IP ID generation leads to remote device tracking\n(CVE-2019-10638)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?774148ae\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2015-1593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-19854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-19985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-20169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-7222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-12382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-13233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-16994\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-1593\", \"CVE-2018-16884\", \"CVE-2018-19854\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2019-10126\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-12382\", \"CVE-2019-13233\", \"CVE-2019-14821\", \"CVE-2019-15666\", \"CVE-2019-15916\", \"CVE-2019-15921\", \"CVE-2019-15924\", \"CVE-2019-16994\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3900\", \"CVE-2019-5489\", \"CVE-2019-7222\", \"CVE-2019-9506\", \"CVE-2020-11669\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3517\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3517\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"bpftool-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-abi-whitelists-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-core-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-core-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-cross-headers-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-cross-headers-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-core-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-core-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"kernel-debug-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-devel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-extra-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-extra-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"kernel-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"kernel-debuginfo-common-aarch64-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-devel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-devel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-doc-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-headers-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-headers-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-extra-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-extra-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"kernel-tools-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-libs-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"kernel-tools-libs-devel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-core-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-devel-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-extra-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"perf-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"python3-perf-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-debuginfo-4.18.0-147.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-debuginfo-4.18.0-147.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:42", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).\n\nCVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).\n\nCVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).\n\nCVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).\n\nCVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935).\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1854-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11599", "CVE-2019-13233"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-debug", "p-cpe:/a:novell:suse_linux:kernel-debug-base", "p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-debug-devel", "p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1854-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126743", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1854-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126743);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-20836\",\n \"CVE-2019-10126\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11599\",\n \"CVE-2019-13233\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1854-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: In the Linux kernel, a device could be tracked by an\nattacker using the IP ID values the kernel produces for\nconnection-less protocols (e.g., UDP and ICMP). When such traffic was\nsent to multiple destination IP addresses, it was possible to obtain\nhash collisions (of indices to the counter array) and thereby obtain\nthe hashing key (via enumeration). An attack may have been conducted\nby hosting a crafted web page that uses WebRTC or gQUIC to force UDP\ntraffic to attacker-controlled IP addresses (bnc#1140575 1140577).\n\nCVE-2019-10639: The Linux kernel allowed Information Exposure (partial\nkernel address disclosure), leading to a KASLR bypass. Specifically,\nit was possible to extract the KASLR kernel image offset using the IP\nID values the kernel produces for connection-less protocols (e.g., UDP\nand ICMP). When such traffic was sent to multiple destination IP\naddresses, it was possible to obtain hash collisions (of indices to\nthe counter array) and thereby obtain the hashing key (via\nenumeration). This key contains enough bits from a kernel address (of\na static variable) so when the key was extracted (via enumeration),\nthe offset of the kernel image was exposed. This attack could be\ncarried out remotely, by the attacker forcing the target device to\nsend UDP or ICMP (or certain other) traffic to attacker-controlled IP\naddresses. Forcing a server to send UDP traffic is trivial if the\nserver is a DNS server. ICMP traffic is trivial if the server answers\nICMP Echo requests (ping). For client targets, if the target visits\nthe attacker's web page, then WebRTC or gQUIC can be used to force UDP\ntraffic to attacker-controlled IP addresses. NOTE: this attack against\nKASLR became viable because IP ID generation was changed to have a\ndependency on an address associated with a network namespace\n(bnc#1140577).\n\nCVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there\nwas a use-after-free for access to an LDT entry because of a race\ncondition between modify_ldt() and a #BR exception for an MPX bounds\nviolation (bnc#1140454).\n\nCVE-2018-20836: An issue was discovered in the Linux kernel There was\na race condition in smp_task_timedout() and smp_task_done() in\ndrivers/scsi/libsas/sas_expander.c, leading to a use-after-free\n(bnc#1134395).\n\nCVE-2019-10126: A flaw was found in the Linux kernel. A heap based\nbuffer overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory\ncorruption and possibly other consequences (bnc#1136935).\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did\nnot use locking or other mechanisms to prevent vma layout or vma flags\nchanges while it ran, which allowed local users to obtain sensitive\ninformation, cause a denial of service, or possibly have unspecified\nother impact by triggering a race condition with mmget_not_zero or\nget_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,\nfs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c\n(bnc#1131645 1133738).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20836/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10126/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10638/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11599/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13233/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191854-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a0188d6\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch\nSUSE-SLE-Product-WE-15-SP1-2019-1854=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1854=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1854=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Legacy-15-SP1-2019-1854=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1854=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1854=1\n\nSUSE Linux Enterprise High Availability 15-SP1:zypper in -t patch\nSUSE-SLE-Product-HA-15-SP1-2019-1854=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:44", "description": "A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects.(CVE-2019-10142)\n\nA new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character.(CVE-2019-11884)\n\nA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).(CVE-2019-3882)\n\nIf the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out.(CVE-2019-9500)\n\nA flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. (CVE-2019-11833)", "cvss3": {}, "published": "2019-05-31T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1214)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10142", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-9500"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1214.NASL", "href": "https://www.tenable.com/plugins/nessus/125598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1214.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125598);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-10142\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-3882\", \"CVE-2019-5489\", \"CVE-2019-9500\");\n script_xref(name:\"ALAS\", value:\"2019-1214\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's freescale hypervisor manager\nimplementation. A parameter passed via to an ioctl was incorrectly\nvalidated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory\nor, possibly, create other adverse security affects.(CVE-2019-10142)\n\nA new software page cache side channel attack scenario was discovered\nin operating systems that implement the very common 'page cache'\ncaching mechanism. A malicious user/process could use 'in memory'\npage-cache knowledge to infer access timings to shared memory and gain\nknowledge which can be used to reduce effectiveness of cryptographic\nstrength by monitoring algorithmic behavior, infer access patterns of\nmemory to determine code paths taken, and exfiltrate data to a blinded\nattacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the\nLinux kernel before 5.0.15 allows a local user to obtain potentially\nsensitive information from kernel stack memory via a HIDPCONNADD\ncommand, because a name field may not end with a '\\0'\ncharacter.(CVE-2019-11884)\n\nA flaw was found in the Linux kernel's vfio interface implementation\nthat permits violation of the user's locked memory limit. If a device\nis bound to a vfio driver, such as vfio-pci, and the local attacker is\nadministratively granted ownership of the device, it may cause a\nsystem memory exhaustion and thus a denial of service\n(DoS).(CVE-2019-3882)\n\nIf the Wake-up on Wireless LAN functionality is configured in the\nbrcmfmac driver, which only works with Broadcom FullMAC chipsets, a\nmalicious event frame can be constructed to trigger a heap buffer\noverflow in the brcmf_wowl_nd_results() function. This vulnerability\ncan be exploited by compromised chipsets to compromise the host, or\nwhen used in combination with another brcmfmac driver flaw\n(CVE-2019-9503), can be used remotely. This can result in a remote\ndenial of service (DoS). Due to the nature of the flaw, a remote\nprivilege escalation cannot be fully ruled out.(CVE-2019-9500)\n\nA flaw was found in the Linux kernel's implementation of ext4 extent\nmanagement. The kernel doesn't correctly initialize memory regions in\nthe extent tree block which may be exported to a local user to obtain\nsensitive information by reading empty/uninitialized data from the\nfilesystem. (CVE-2019-11833)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1214.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.121-109.96.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-24T14:26:09", "description": "It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4069-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4069-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126950);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4069-1\");\n\n script_name(english:\"Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4069-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4069-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-aws\", pkgver:\"5.0.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-gcp\", pkgver:\"5.0.0-1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-kvm\", pkgver:\"5.0.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1012-azure\", pkgver:\"5.0.0-1012.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1013-raspi2\", pkgver:\"5.0.0-1013.13\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1017-snapdragon\", pkgver:\"5.0.0-1017.18\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-generic\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-generic-lpae\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-lowlatency\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-aws\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1012.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gke\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.0.0.1013.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.0.0.1017.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.0.0.21.22\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:19:22", "description": "USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : linux-hwe vulnerabilities (USN-4069-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4069-2.NASL", "href": "https://www.tenable.com/plugins/nessus/127792", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4069-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127792);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4069-2\");\n\n script_name(english:\"Ubuntu 18.04 LTS : linux-hwe vulnerabilities (USN-4069-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4069-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4069-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-generic\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-generic-lpae\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-lowlatency\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-generic / linux-image-5.0-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:45", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The Linux kernel before 5.1-rc5 allows page-i1/4z_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487)\n\n - A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem.(CVE-2019-11833)\n\n - A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c.c. This function can leak potentially sensitive information from the kernel stack memory via a HIDPCONNADD command because a name field may not be correctly NULL terminated.(CVE-2019-11884)\n\n - An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand.\n It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest.(CVE-2019-7222)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-7222"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1793.NASL", "href": "https://www.tenable.com/plugins/nessus/127564", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127564);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-11487\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The Linux kernel before 5.1-rc5 allows\n page-i1/4z_refcount reference count overflow, with\n resultant use-after-free issues, if about 140 GiB of\n RAM exists. This is related to fs/fuse/dev.c,\n fs/pipe.c, fs/splice.c, include/linux/mm.h,\n include/linux/pipe_fs_i.h, kernel/trace/trace.c,\n mm/gup.c, and mm/hugetlb.c. It can occur with FUSE\n requests.(CVE-2019-11487)\n\n - A flaw was found in the Linux kernel's implementation\n of ext4 extent management. The kernel doesn't correctly\n initialize memory regions in the extent tree block\n which may be exported to a local user to obtain\n sensitive information by reading empty/uninitialized\n data from the filesystem.(CVE-2019-11833)\n\n - A flaw was found in the Linux kernel's implementation\n of the Bluetooth Human Interface Device Protocol\n (HIDP). A local attacker with access permissions to the\n Bluetooth device can issue an IOCTL which will trigger\n the do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c.c. This function can leak\n potentially sensitive information from the kernel stack\n memory via a HIDPCONNADD command because a name field\n may not be correctly NULL terminated.(CVE-2019-11884)\n\n - An information leakage issue was found in the way Linux\n kernel's KVM hypervisor handled page fault exceptions\n while emulating instructions like VMXON, VMCLEAR,\n VMPTRLD, and VMWRITE with memory address as an operand.\n It occurs if the operand is a mmio address, as the\n returned exception object holds uninitialized stack\n memory contents. A guest user/process could use this\n flaw to leak host's stack memory contents to a\n guest.(CVE-2019-7222)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7949efef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h167\",\n \"kernel-debug-3.10.0-327.62.59.83.h167\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h167\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h167\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h167\",\n \"kernel-devel-3.10.0-327.62.59.83.h167\",\n \"kernel-headers-3.10.0-327.62.59.83.h167\",\n \"kernel-tools-3.10.0-327.62.59.83.h167\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h167\",\n \"perf-3.10.0-327.62.59.83.h167\",\n \"python-perf-3.10.0-327.62.59.83.h167\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:16:55", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0204 advisory.\n\n - hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)\n\n - hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-24T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2020:0204)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2018-16884", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10126", "CVE-2019-11135", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14901", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-9506"], "modified": "2023-05-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf", "cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules"], "id": "REDHAT-RHSA-2020-0204.NASL", "href": "https://www.tenable.com/plugins/nessus/133221", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0204. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133221);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2018-16884\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11135\",\n \"CVE-2019-14816\",\n \"CVE-2019-14821\",\n \"CVE-2019-14901\"\n );\n script_bugtraq_id(\n 106253,\n 106478,\n 108076,\n 108817\n );\n script_xref(name:\"RHSA\", value:\"2020:0204\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:0204)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0204 advisory.\n\n - hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)\n\n - hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c\n (CVE-2019-10126)\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-5489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1646768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1660375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1664110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1698757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1716992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1724393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1724398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1727857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1746708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1773519\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 200, 203, 226, 284, 327, 385, 400, 416, 787, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-12207', 'CVE-2018-16884', 'CVE-2019-0154', 'CVE-2019-0155', 'CVE-2019-3900', 'CVE-2019-5489', 'CVE-2019-9506', 'CVE-2019-10126', 'CVE-2019-11135', 'CVE-2019-14816', 'CVE-2019-14821', 'CVE-2019-14901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0204');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-80.15.1.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.15.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:08", "description": "The openSUSE Leap 42.3 Linux kernel was updated to 4.4.172 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-3459,CVE-2019-3460: Two remote information leak vulnerabilities in the Bluetooth stack were fixed that could potentially leak kernel information (bsc#1120758)\n\n - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n\n - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso _get_config_data that could be used by local attackers (bnc#1120743).\n\n - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1087082).\n\n - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\n - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to\n __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\n - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n\n - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\n - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nThe following non-security bugs were fixed :\n\n - 9p/net: put a lower bound on msize (bnc#1012382).\n\n - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1121239).\n\n - acpi/nfit: Block function zero DSMs (bsc#1123321).\n\n - acpi/nfit: Fix command-supported detection (bsc#1123323).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114648).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114648).\n\n - acpi/power: Skip duplicate power resource references in\n _PRx (bnc#1012382).\n\n - acpi/processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)).\n\n - aio: fix spectre gadget in lookup_ioctx (bnc#1012382).\n\n - aio: hold an extra file reference over AIO read/write operations (bsc#1116027).\n\n - alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bnc#1012382).\n\n - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).\n\n - alsa: control: Fix race between adding and removing a user element (bnc#1012382).\n\n - alsa: cs46xx: Potential NULL dereference in probe (bnc#1012382).\n\n - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bnc#1012382).\n\n - alsa: emux: Fix potential Spectre v1 vulnerabilities (bnc#1012382).\n\n - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bnc#1012382).\n\n - alsa: hda: Add support for AMD Stoney Ridge (bnc#1012382).\n\n - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382).\n\n - alsa: hda/tegra: clear pending irq handlers (bnc#1012382).\n\n - alsa: isa/wavefront: prevent some out of bound writes (bnc#1012382).\n\n - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bnc#1012382).\n\n - alsa: pcm: Fix interval evaluation with openmin/max (bnc#1012382).\n\n - alsa: pcm: Fix potential Spectre v1 vulnerability (bnc#1012382).\n\n - alsa: pcm: Fix starvation on down_write_nonblock() (bnc#1012382).\n\n - alsa: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command (bnc#1012382).\n\n - alsa: rme9652: Fix potential Spectre v1 vulnerability (bnc#1012382).\n\n - alsa: sparc: Fix invalid snd_free_pages() at error path (bnc#1012382).\n\n - alsa: trident: Suppress gcc string warning (bnc#1012382).\n\n - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bnc#1012382).\n\n - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bnc#1012382).\n\n - alsa: wss: Fix invalid snd_free_pages() at error path (bnc#1012382).\n\n - arc: change defconfig defaults to ARCv2 (bnc#1012382).\n\n - arc: [devboards] Add support of NFSv3 ACL (bnc#1012382).\n\n - arc: io.h: Implement reads(x)()/writes(x)() (bnc#1012382).\n\n - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).\n\n - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).\n\n - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).\n\n - arm64: remove no-op -p linker flag (bnc#1012382).\n\n - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bnc#1012382).\n\n - arm: imx: update the cpu power up timing setting on i.mx6sx (bnc#1012382).\n\n - arm: kvm: fix building with gcc-8 (bsc#1121241).\n\n - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bnc#1012382).\n\n - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bnc#1012382).\n\n - ASoC: dapm: Recalculate audio map forcely when card instantiated (bnc#1012382).\n\n - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bnc#1012382).\n\n - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bnc#1012382).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ath10k: fix kernel panic due to race in accessing arvif list (bnc#1012382).\n\n - ax25: fix a use-after-free in ax25_fillin_cb() (bnc#1012382).\n\n - b43: Fix error in cordic routine (bnc#1012382).\n\n - batman-adv: Expand merged fragment buffer for full packet (bnc#1012382).\n\n - bfs: add sanity check at bfs_fill_super() (bnc#1012382).\n\n - block/loop: Use global lock for ioctl() operation (bnc#1012382).\n\n - block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).\n\n - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bnc#1012382).\n\n - bonding: fix 802.3ad state sent to partner when unbinding slave (bnc#1012382).\n\n - bpf: fix check of allowed specifiers in bpf_trace_printk (bnc#1012382).\n\n - bpf: support 8-byte metafield access (bnc#1012382).\n\n - bpf, trace: check event type in bpf_perf_event_read (bsc#1119970).\n\n - bpf, trace: use READ_ONCE for retrieving file ptr (bsc#1119967).\n\n - bpf/verifier: Add spi variable to check_stack_write() (bnc#1012382).\n\n - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() (bnc#1012382).\n\n - btrfs: Always try all copies when reading extent buffers (bnc#1012382).\n\n - btrfs: ensure path name is null terminated at btrfs_control_ioctl (bnc#1012382).\n\n - btrfs: Fix memory barriers usage with device stats counters (git-fixes).\n\n - btrfs: fix use-after-free when dumping free space (bnc#1012382).\n\n - btrfs: Handle error from btrfs_uuid_tree_rem call in\n _btrfs_ioctl_set_received_subvol (git-fixes).\n\n - btrfs: release metadata before running delayed refs (bnc#1012382).\n\n - btrfs: send, fix infinite loop due to directory rename dependencies (bnc#1012382).\n\n - btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).\n\n - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).\n\n - btrfs: tree-checker: Fix misleading group system information (bnc#1012382).\n\n - btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).\n\n - btrfs: validate type when reading a chunk (bnc#1012382).\n\n - btrfs: wait on ordered extents on abort cleanup (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bnc#1012382).\n\n - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bnc#1012382).\n\n - can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).\n\n - can: rcar_can: Fix erroneous registration (bnc#1012382).\n\n - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bnc#1012382).\n\n - ceph: do not update importing cap's mseq when handing cap export (bsc#1121275).\n\n - checkstack.pl: fix for aarch64 (bnc#1012382).\n\n - cifs: Do not hide EINTR after sending network packets (bnc#1012382).\n\n - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bnc#1012382).\n\n - cifs: Fix potential OOB access of lock element array (bnc#1012382).\n\n - cifs: Fix separator when building path from dentry (bnc#1012382).\n\n - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bnc#1012382).\n\n - clk: imx6q: reset exclusive gates on init (bnc#1012382).\n\n - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382).\n\n - cpufeature: avoid warning when compiling with clang (Git-fixes).\n\n - cpufreq: imx6q: add return value check for voltage scale (bnc#1012382).\n\n - crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).\n\n - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).\n\n - crypto: cts - fix crash on short inputs (bnc#1012382).\n\n - crypto: user - support incremental algorithm dumps (bsc#1120902).\n\n - crypto: x86/chacha20 - avoid sleeping with preemption disabled (bnc#1012382).\n\n - cw1200: Do not leak memory if krealloc failes (bnc#1012382).\n\n - debugobjects: avoid recursive calls with kmemleak (bnc#1012382).\n\n - Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).\n\n - disable stringop truncation warnings for now (bnc#1012382).\n\n - dlm: fixed memory leaks after failed ls_remove_names allocation (bnc#1012382).\n\n - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bnc#1012382).\n\n - dlm: memory leaks on error path in dlm_user_request() (bnc#1012382).\n\n - dlm: possible memory leak on error path in create_lkb() (bnc#1012382).\n\n - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bnc#1012382).\n\n - dmaengine: at_hdmac: fix module unloading (bnc#1012382).\n\n - dm cache metadata: ignore hints array being too small during resize (Git-fixes).\n\n - dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).\n\n - dm crypt: factor IV constructor out to separate function (Git-fixes).\n\n - dm crypt: fix crash by adding missing check for auth key size (git-fixes).\n\n - dm crypt: fix error return code in crypt_ctr() (git-fixes).\n\n - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).\n\n - dm crypt: introduce new format of cipher with 'capi:' prefix (Git-fixes).\n\n - dm crypt: wipe kernel key copy after IV initialization (Git-fixes).\n\n - dm: do not allow readahead to limit IO size (git fixes (readahead)).\n\n - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).\n\n - dm-multipath: do not assign cmd_flags in setup_clone() (bsc#1103156).\n\n - dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).\n\n - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).\n\n - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098).\n\n - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bnc#1012382).\n\n - drivers/sbus/char: add of_node_put() (bnc#1012382).\n\n - drivers/tty: add missing of_node_put() (bnc#1012382).\n\n - drm/ast: change resolution may cause screen blurred (bnc#1012382).\n\n - drm/ast: fixed cursor may disappear sometimes (bnc#1012382).\n\n - drm/ast: fixed reading monitor EDID not stable issue (bnc#1012382).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1106929)\n\n - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106929)\n\n - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382).\n\n - drm/msm: Grab a vblank reference when waiting for commit_done (bnc#1012382).\n\n - drm: rcar-du: Fix external clock error checks (bsc#1106929)\n\n - drm: rcar-du: Fix vblank initialization (bsc#1106929)\n\n - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).\n\n - EDAC: Raise the maximum number of memory controllers (bsc#1120722).\n\n - efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).\n\n - exec: avoid gcc-8 warning for get_task_comm (bnc#1012382).\n\n - exportfs: do not read dentry after free (bnc#1012382).\n\n - ext2: fix potential use after free (bnc#1012382).\n\n - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).\n\n - ext4: Fix crash during online resizing (bsc#1122779).\n\n - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382).\n\n - ext4: fix possible use after free in ext4_quota_enable (bnc#1012382).\n\n - ext4: force inode writes when nfsd calls commit_metadata() (bnc#1012382).\n\n - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bnc#1012382).\n\n - f2fs: Add sanity_check_inode() function (bnc#1012382).\n\n - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).\n\n - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).\n\n - f2fs: clean up argument of recover_data (bnc#1012382).\n\n - f2fs: clean up with is_valid_blkaddr() (bnc#1012382).\n\n - f2fs: detect wrong layout (bnc#1012382).\n\n - f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).\n\n - f2fs: factor out fsync inode entry operations (bnc#1012382).\n\n - f2fs: fix inode cache leak (bnc#1012382).\n\n - f2fs: fix invalid memory access (bnc#1012382).\n\n - f2fs: fix missing up_read (bnc#1012382).\n\n - f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).\n\n - f2fs: fix to convert inline directory correctly (bnc#1012382).\n\n - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).\n\n - f2fs: fix to do sanity check with block address in main area (bnc#1012382).\n\n - f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).\n\n - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).\n\n - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).\n\n - f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).\n\n - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).\n\n - f2fs: fix to do sanity check with user_block_count (bnc#1012382).\n\n - f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).\n\n - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).\n\n - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).\n\n - f2fs: introduce and spread verify_blkaddr (bnc#1012382).\n\n - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).\n\n - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).\n\n - f2fs: not allow to write illegal blkaddr (bnc#1012382).\n\n - f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).\n\n - f2fs: remove an obsolete variable (bnc#1012382).\n\n - f2fs: return error during fill_super (bnc#1012382).\n\n - f2fs: sanity check on sit entry (bnc#1012382).\n\n - f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).\n\n - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106929)\n\n - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106929)\n\n - fix fragmentation series\n\n - Fix problem with sharetransport= and NFSv4 (bsc#1114893).\n\n - floppy: fix race condition in __floppy_read_block_0() (Git-fixes).\n\n - fork: record start_time late (bnc#1012382).\n\n - fscache, cachefiles: remove redundant variable 'cache' (bnc#1012382).\n\n - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).\n\n - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).\n\n - genwqe: Fix size check (bnc#1012382).\n\n - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bnc#1012382).\n\n - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382).\n\n - git_sort.py: Remove non-existent remote tj/libata\n\n - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).\n\n - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bnc#1012382).\n\n - gro_cell: add napi_disable in gro_cells_destroy (bnc#1012382).\n\n - hfs: do not free node before using (bnc#1012382).\n\n - hfsplus: do not free node before using (bnc#1012382).\n\n - hpwdt add dynamic debugging (bsc#1114417).\n\n - hpwdt calculate reload value on each use (bsc#1114417).\n\n - hugetlbfs: fix bug in pgoff overflow checking (bnc#1012382).\n\n - hwmon: (ina2xx) Fix current value calculation (bnc#1012382).\n\n - hwmon: (w83795) temp4_type has writable permission (bnc#1012382).\n\n - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n\n - i2c: axxia: properly handle master timeout (bnc#1012382).\n\n - i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).\n\n - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bnc#1012382).\n\n - ib/hfi1: Fix an out-of-bounds access in get_hw_stats ().\n\n - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).\n\n - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (bnc#1012382).\n\n - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).\n\n - ibmvnic: Convert reset work item mutex to spin lock ().\n\n - ibmvnic: Fix non-atomic memory allocation in IRQ context ().\n\n - ibmvnic: Increase maximum queue size limit (bsc#1121726).\n\n - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).\n\n - ide: pmac: add of_node_put() (bnc#1012382).\n\n - ieee802154: lowpan_header_create check must check daddr (bnc#1012382).\n\n - input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bnc#1012382).\n\n - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bnc#1012382).\n\n - input: elan_i2c - add ELAN0620 to the ACPI table (bnc#1012382).\n\n - input: elan_i2c - add support for ELAN0621 touchpad (bnc#1012382).\n\n - input: matrix_keypad - check for errors from of_get_named_gpio() (bnc#1012382).\n\n - input: omap-keypad - fix idle configuration to not block SoC idle states (bnc#1012382).\n\n - input: omap-keypad - fix keyboard debounce configuration (bnc#1012382).\n\n - input: restore EV_ABS ABS_RESERVED (bnc#1012382).\n\n - input: xpad - add GPD Win 2 Controller USB IDs (bnc#1012382).\n\n - input: xpad - add Mad Catz FightStick TE 2 VID/PID (bnc#1012382).\n\n - input: xpad - add more third-party controllers (bnc#1012382).\n\n - input: xpad - add PDP device id 0x02a4 (bnc#1012382).\n\n - input: xpad - add product ID for Xbox One S pad (bnc#1012382).\n\n - input: xpad - add support for PDP Xbox One controllers (bnc#1012382).\n\n - input: xpad - add support for Xbox1 PDP Camo series gamepad (bnc#1012382).\n\n - input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth (bnc#1012382).\n\n - input: xpad - avoid using __set_bit() for capabilities (bnc#1012382).\n\n - input: xpad - constify usb_device_id (bnc#1012382).\n\n - input: xpad - correctly sort vendor id's (bnc#1012382).\n\n - input: xpad - correct xbox one pad device name (bnc#1012382).\n\n - input: xpad - do not depend on endpoint order (bnc#1012382).\n\n - input: xpad - fix GPD Win 2 controller name (bnc#1012382).\n\n - input: xpad - fix PowerA init quirk for some gamepad models (bnc#1012382).\n\n - input: xpad - fix rumble on Xbox One controllers with 2015 firmware (bnc#1012382).\n\n - input: xpad - fix some coding style issues (bnc#1012382).\n\n - input: xpad - fix stuck mode button on Xbox One S pad (bnc#1012382).\n\n - input: xpad - fix Xbox One rumble stopping after 2.5 secs (bnc#1012382).\n\n - input: xpad - handle 'present' and 'gone' correctly (bnc#1012382).\n\n - input: xpad - move reporting xbox one home button to common function (bnc#1012382).\n\n - input: xpad - power off wireless 360 controllers on suspend (bnc#1012382).\n\n - input: xpad - prevent spurious input from wired Xbox 360 controllers (bnc#1012382).\n\n - input: xpad - quirk all PDP Xbox One gamepads (bnc#1012382).\n\n - input: xpad - remove spurious events of wireless xpad 360 controller (bnc#1012382).\n\n - input: xpad - remove unused function (bnc#1012382).\n\n - input: xpad - restore LED state after device resume (bnc#1012382).\n\n - input: xpad - simplify error condition in init_output (bnc#1012382).\n\n - input: xpad - sort supported devices by USB ID (bnc#1012382).\n\n - input: xpad - support some quirky Xbox One pads (bnc#1012382).\n\n - input: xpad - sync supported devices with 360Controller (bnc#1012382).\n\n - input: xpad - sync supported devices with XBCD (bnc#1012382).\n\n - input: xpad - sync supported devices with xboxdrv (bnc#1012382).\n\n - input: xpad - update Xbox One Force Feedback Support (bnc#1012382).\n\n - input: xpad - use LED API when identifying wireless controllers (bnc#1012382).\n\n - input: xpad - validate USB endpoint type during probe (bnc#1012382).\n\n - input: xpad - workaround dead irq_out after suspend/ resume (bnc#1012382).\n\n - input: xpad - xbox one elite controller support (bnc#1012382).\n\n - intel_th: msu: Fix an off-by-one in attribute store (bnc#1012382).\n\n - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).\n\n - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n\n - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).\n\n - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).\n\n - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).\n\n - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).\n\n - ip6mr: Fix potential Spectre v1 vulnerability (bnc#1012382).\n\n - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).\n\n - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).\n\n - ip_tunnel: Fix name string concatenate in\n __ip_tunnel_create() (bnc#1012382).\n\n - ipv4: Fix potential Spectre v1 vulnerability (bnc#1012382).\n\n - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286).\n\n - ipv6: Check available headroom in ip6_xmit() even without options (bnc#1012382).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).\n\n - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (bnc#1012382).\n\n - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).\n\n - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).\n\n - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bnc#1012382).\n\n - iser: set sector for ambiguous mr status errors (bnc#1012382).\n\n - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bnc#1012382).\n\n - iwlwifi: mvm: support sta_statistics() even on older firmware (bnc#1012382).\n\n - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105).\n\n - ixgbe: Add support for build_skb (bsc#1100105).\n\n - ixgbe: Add support for padding packet (bsc#1100105).\n\n - ixgbe: Break out Rx buffer page management (bsc#1100105).\n\n - ixgbe: Fix output from ixgbe_dump (bsc#1100105).\n\n - ixgbe: fix possible race in reset subtask (bsc#1101557).\n\n - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105).\n\n - ixgbe: Only DMA sync frame length (bsc#1100105).\n\n - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bnc#1012382).\n\n - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557).\n\n - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557).\n\n - ixgbe: Update code to better handle incrementing page count (bsc#1100105).\n\n - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105).\n\n - ixgbe: Use length to determine if descriptor is done (bsc#1100105).\n\n - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).\n\n - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n\n - kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).\n\n - kbuild: suppress packed-not-aligned warning for default setting only (bnc#1012382).\n\n - kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).\n\n - kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).\n\n - kdb: use memmove instead of overlapping memcpy (bnc#1012382).\n\n - kdb: Use strscpy with destination buffer size (bnc#1012382).\n\n - kernfs: Replace strncpy with memcpy (bnc#1012382).\n\n - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bnc#1012382).\n\n - kgdboc: Fix restrict error (bnc#1012382).\n\n - kgdboc: Fix warning with module build (bnc#1012382).\n\n - kobject: Replace strncpy with memcpy (bnc#1012382).\n\n - kvm/arm64: Fix caching of host MDCR_EL2 value (bsc#1121242).\n\n - kvm/arm: Restore banked registers and physical timer access on hyp_panic() (bsc#1121240).\n\n - kvm/mmu: Fix race in emulated page table writes (bnc#1012382).\n\n - kvm/nVMX: Eliminate vmcs02 pool (bnc#1012382).\n\n - kvm/nVMX: mark vmcs12 pages dirty on L2 exit (bnc#1012382).\n\n - kvm/PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bnc#1012382).\n\n - kvm/svm: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032).\n\n - kvm/svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114648).\n\n - kvm/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032 bsc#1096242 bsc#1096281).\n\n - kvm/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (bnc#1012382).\n\n - kvm/VMX: introduce alloc_loaded_vmcs (bnc#1012382).\n\n - kvm/VMX: make MSR bitmaps per-VCPU (bnc#1012382).\n\n - kvm/x86: Add IBPB support (bnc#1012382 bsc#1068032 bsc#1068032).\n\n - kvm/x86: fix empty-body warnings (bnc#1012382).\n\n - kvm/x86: Remove indirect MSR op calls from SPEC_CTRL (bnc#1012382).\n\n - kvm/x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bnc#1012382).\n\n - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF (bnc#1012382).\n\n - leds: leds-gpio: Fix return value check in create_gpio_led() (bnc#1012382).\n\n - leds: turn off the LED and wait for completion on unregistering LED class device (bnc#1012382).\n\n - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bnc#1012382).\n\n - libceph: fall back to sendmsg for slab pages (bsc#1118316).\n\n - libfc: sync strings with upstream versions (bsc#1114763).\n\n - lib/interval_tree_test.c: allow full tree search (bnc#1012382).\n\n - lib/interval_tree_test.c: allow users to limit scope of endpoint (bnc#1012382).\n\n - lib/interval_tree_test.c: make test options module parameters (bnc#1012382).\n\n - libnvdimm, (btt, blk): do integrity setup before add_disk() (bsc#1118926).\n\n - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (bsc#1118936).\n\n - libnvdimm: fix integer overflow static analysis warning (bsc#1118922).\n\n - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering (bsc#1118915).\n\n - lib/rbtree_test.c: make input module parameters (bnc#1012382).\n\n - lib/rbtree-test: lower default params (bnc#1012382).\n\n - llc: do not use sk_eat_skb() (bnc#1012382).\n\n - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).\n\n - loop: Fold __loop_release into loop_release (bnc#1012382).\n\n - loop: Get rid of loop_index_mutex (bnc#1012382).\n\n - LSM: Check for NULL cred-security on free (bnc#1012382).\n\n - mac80211: Clear beacon_int in ieee80211_do_stop (bnc#1012382).\n\n - mac80211: fix reordering of buffered broadcast packets (bnc#1012382).\n\n - mac80211_hwsim: fix module init error paths for netlink (bnc#1012382).\n\n - mac80211_hwsim: Timer should be initialized before device registered (bnc#1012382).\n\n - mac80211: ignore NullFunc frames in the duplicate detection (bnc#1012382).\n\n - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bnc#1012382).\n\n - matroxfb: fix size of memcpy (bnc#1012382).\n\n - md: batch flush requests (bsc#1119680).\n\n - md: do not check MD_SB_CHANGE_CLEAN in md_allow_write (Git-fixes).\n\n - media: dvb-frontends: fix i2c access helpers for KASAN (bnc#1012382).\n\n - media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382).\n\n - media: em28xx: Fix use-after-free when disconnecting (bnc#1012382).\n\n - media: firewire: Fix app_info parameter type in avc_ca(,_app)_info (bnc#1012382).\n\n - media: vb2: be sure to unlock mutex on errors (bnc#1012382).\n\n - media: vb2: vb2_mmap: move lock up (bnc#1012382).\n\n - media: vivid: fix error handling of kthread_run (bnc#1012382).\n\n - media: vivid: free bitmap_cap when updating std/timings/etc (bnc#1012382).\n\n - media: vivid: set min width/height to a value > 0 (bnc#1012382).\n\n - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).\n\n - mips: Align kernel load address to 64KB (bnc#1012382).\n\n - mips: Ensure pmd_present() returns false after pmd_mknotpresent() (bnc#1012382).\n\n - mips: fix mips_get_syscall_arg o32 check (bnc#1012382).\n\n - mips: fix n32 compat_ipc_parse_version (bnc#1012382).\n\n - mips: ralink: Fix mt7620 nd_sd pinmux (bnc#1012382).\n\n - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382).\n\n - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bnc#1012382).\n\n - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).\n\n - mmc: core: Reset HPI enabled state during re-init and in case of errors (bnc#1012382).\n\n - mm: cleancache: fix corruption on missed inode invalidation (bnc#1012382).\n\n - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bnc#1012382).\n\n - mmc: omap_hsmmc: fix DMA API warning (bnc#1012382).\n\n - mm, devm_memremap_pages: kill mapping 'System RAM' support (bnc#1012382).\n\n - mm: do not miss the last page because of round-off error (bnc#1118798).\n\n - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204).\n\n - mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page (bnc#1116336).\n\n - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).\n\n - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).\n\n - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).\n\n - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).\n\n - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) (bnc#1012382).\n\n - mm/nommu.c: Switch __get_user_pages_unlocked() to use\n __get_user_pages() (bnc#1012382).\n\n - mm: only report isolation failures when offlining memory (generic hotplug debugability).\n\n - mm/page-writeback.c: do not break integrity writeback on\n ->writepage() error (bnc#1012382).\n\n - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1118790).\n\n - mm: print more information about mapping in __dump_page (generic hotplug debugability).\n\n - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382).\n\n - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).\n\n - mm: remove write/force parameters from\n __get_user_pages_locked() (bnc#1012382 bsc#1027260).\n\n - mm: remove write/force parameters from\n __get_user_pages_unlocked() (bnc#1012382 bsc#1027260).\n\n - mm: replace __access_remote_vm() write parameter with gup_flags (bnc#1012382).\n\n - mm: replace access_remote_vm() write parameter with gup_flags (bnc#1012382).\n\n - mm: replace get_user_pages_locked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260).\n\n - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260).\n\n - mm: replace get_user_pages() write/force parameters with gup_flags (bnc#1012382 bsc#1027260).\n\n - mm: replace get_vaddr_frames() write/force parameters with gup_flags (bnc#1012382).\n\n - mm, slab: faster active and free stats (bsc#116653, VM Performance).\n\n - mm/slab: improve performance of gathering slabinfo stats (bsc#116653, VM Performance).\n\n - mm, slab: maintain total slab count instead of active count (bsc#116653, VM Performance).\n\n - Move patches to sorted range, p1\n\n - mv88e6060: disable hardware level MAC learning (bnc#1012382).\n\n - mwifiex: Fix NULL pointer dereference in skb_dequeue() (bnc#1012382).\n\n - mwifiex: fix p2p device does not find in scan problem (bnc#1012382).\n\n - namei: allow restricted O_CREAT of FIFOs and regular files (bnc#1012382).\n\n - neighbour: Avoid writing before skb->head in neigh_hh_output() (bnc#1012382).\n\n - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (bnc#1012382).\n\n - net: amd: add missing of_node_put() (bnc#1012382).\n\n - net: bcmgenet: fix OF child-node lookup (bnc#1012382).\n\n - net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382).\n\n - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).\n\n - net: ena: fix crash during ena_remove() (bsc#1108240).\n\n - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1108240).\n\n - net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts (bnc#1012382).\n\n - netfilter: nf_tables: fix oops when inserting an element into a verdict map (bnc#1012382).\n\n - net: hisilicon: remove unexpected free_netdev (bnc#1012382).\n\n - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n\n - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345).\n\n - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1015336 bsc#1015337 bsc#1015340).\n\n - net/mlx4_core: Fix uninitialized variable compilation warning (bnc#1012382).\n\n - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bnc#1012382).\n\n - net/mlx4: Fix UBSAN warning of signed integer overflow (bnc#1012382).\n\n - net: phy: do not allow __set_phy_supported to add unsupported modes (bnc#1012382).\n\n - net: Prevent invalid access to skb->prev in\n __qdisc_drop_all (bnc#1012382).\n\n - netrom: fix locking in nr_find_socket() (bnc#1012382).\n\n - net: speed up skb_rbtree_purge() (bnc#1012382).\n\n - net: thunderx: fix NULL pointer dereference in nic_remove (bnc#1012382).\n\n - nfc: nfcmrvl_uart: fix OF child-node lookup (bnc#1012382).\n\n - nfit: skip region registration for incomplete control regions (bsc#1118930).\n\n - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes).\n\n - nvme: validate controller state before rescheduling keep alive (bsc#1103257).\n\n - ocfs2: fix deadlock caused by ocfs2_defrag_extent() (bnc#1012382).\n\n - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).\n\n - ocfs2: fix potential use after free (bnc#1012382).\n\n - of: add helper to lookup compatible child node (bnc#1012382).\n\n - omap2fb: Fix stack memory disclosure (bsc#1106929)\n\n - packet: Do not leak dev refcounts on error exit (bnc#1012382).\n\n - packet: validate address length (bnc#1012382).\n\n - packet: validate address length if non-zero (bnc#1012382).\n\n - pci: altera: Check link status before retrain link (bnc#1012382).\n\n - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).\n\n - pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382).\n\n - pci: altera: Poll for link training status after retraining the link (bnc#1012382).\n\n - pci: altera: Poll for link up status after retraining the link (bnc#1012382).\n\n - pci: altera: Reorder read/write functions (bnc#1012382).\n\n - pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382).\n\n - perf/bpf: Convert perf_event_array to use struct file (bsc#1119967).\n\n - perf intel-pt: Fix error with config term 'pt=0' (bnc#1012382).\n\n - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).\n\n - perf pmu: Suppress potential format-truncation warning (bnc#1012382).\n\n - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).\n\n - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bnc#1012382).\n\n - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382).\n\n - powerpc/64s: consolidate MCE counter increment (bsc#1094244).\n\n - powerpc/boot: Fix random libfdt related build errors (bnc#1012382).\n\n - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805).\n\n - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).\n\n - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695).\n\n - powerpc: Fix COFF zImage booting on old powermacs (bnc#1012382).\n\n - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).\n\n - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).\n\n - powerpc/msi: Fix NULL pointer access in teardown code (bnc#1012382).\n\n - powerpc/numa: Suppress 'VPHN is not supported' messages (bnc#1012382).\n\n - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).\n\n - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n\n - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n\n - powerpc/smp: Add Power9 scheduler topology (bsc#1109695).\n\n - powerpc/smp: Rework CPU topology construction (bsc#1109695).\n\n - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).\n\n - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).\n\n - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).\n\n - powerpc/xmon: Fix invocation inside lock region (bsc#1122885).\n\n - power: supply: olpc_battery: correct the temperature units (bnc#1012382).\n\n - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).\n\n - pstore: Convert console write to use ->write_buf (bnc#1012382).\n\n - pstore/ram: Do not treat empty buffers as valid (bnc#1012382).\n\n - qed: Fix bitmap_weight() check (bsc#1019695).\n\n - qed: Fix PTT leak in qed_drain() (bnc#1012382).\n\n - qed: Fix QM getters to always return a valid pq (bsc#1019695 ).\n\n - qed: Fix reading wrong value in loop condition (bnc#1012382).\n\n - r8169: Add support for new Realtek Ethernet (bnc#1012382).\n\n - rapidio/rionet: do not free skb before reading its length (bnc#1012382).\n\n - Refresh patches.kabi/x86-cpufeature-preserve-numbers.patch.\n (bsc#1122651)\n\n - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1106929)\n\n - Revert 'exec: avoid gcc-8 warning for get_task_comm' (kabi).\n\n - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).\n\n - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1106105).\n\n - Revert 'usb: musb: musb_host: Enable HCD_BH flag to handle urb return in bottom half' (bsc#1047487).\n\n - Revert 'wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()' (bnc#1012382).\n\n - rocker: fix rocker_tlv_put_* functions for KASAN (bnc#1012382).\n\n - rtc: snvs: add a missing write sync (bnc#1012382).\n\n - rtc: snvs: Add timeouts to avoid kernel lockups (bnc#1012382).\n\n - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (bnc#1012382).\n\n - s390/cpum_cf: Reject request for sampling in event initialization (bnc#1012382).\n\n - s390/mm: Check for valid vma before zapping in gmap_discard (bnc#1012382).\n\n - s390/qeth: fix length check in SNMP processing (bnc#1012382).\n\n - sbus: char: add of_node_put() (bnc#1012382).\n\n - scsi: bfa: convert to strlcpy/strlcat (bnc#1012382 bsc#1019683, ).\n\n - scsi: bnx2fc: Fix NULL dereference in error handling (bnc#1012382).\n\n - scsi: Create two versions of scsi_internal_device_unblock() (bsc#1119877).\n\n - scsi: csiostor: Avoid content leaks and casts (bnc#1012382).\n\n - scsi: Introduce scsi_start_queue() (bsc#1119877).\n\n - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (bnc#1012382).\n\n - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102660).\n\n - scsi: lpfc: devloss timeout race condition caused NULL pointer reference (bsc#1102660).\n\n - scsi: lpfc: Fix abort error path for NVMET (bsc#1102660).\n\n - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).\n\n - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102660).\n\n - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102660).\n\n - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102660).\n\n - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102660).\n\n - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102660).\n\n - scsi: lpfc: update driver version to 11.4.0.7-5 (bsc#1102660).\n\n - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (bsc#1119877).\n\n - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).\n\n - scsi: Protect SCSI device state changes with a mutex (bsc#1119877).\n\n - scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig (bsc#1043083).\n\n - scsi: Re-export scsi_internal_device_(,un)_block() (bsc#1119877).\n\n - scsi: sd: Fix cache_type_store() (bnc#1012382).\n\n - scsi: Split scsi_internal_device_block() (bsc#1119877).\n\n - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).\n\n - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).\n\n - scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382).\n\n - scsi: ufs: fix bugs related to NULL pointer access and array size (bnc#1012382).\n\n - scsi: ufs: fix race between clock gating and devfreq scaling work (bnc#1012382).\n\n - scsi: ufshcd: Fix race between clk scaling and ungate work (bnc#1012382).\n\n - scsi: ufshcd: release resources if probe fails (bnc#1012382).\n\n - scsi: use 'inquiry_mutex' instead of 'state_mutex' (bsc#1119877).\n\n - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (bnc#1012382).\n\n - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bnc#1012382).\n\n - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).\n\n - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer (bnc#1012382).\n\n - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (bnc#1012382).\n\n - selftests: Move networking/timestamping from Documentation (bnc#1012382).\n\n - selinux: fix GPF on invalid policy (bnc#1012382).\n\n - seq_file: fix incomplete reset on read from zero offset (Git-fixes).\n\n - series.conf: Move 'patches.fixes/aio-hold-an-extra-file-reference-over-AIO\n -read-write.patch' into sorted section.\n\n - slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382).\n\n - sock: Make sock->sk_stamp thread-safe (bnc#1012382).\n\n - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bnc#1012382).\n\n - spi: bcm2835: Fix book-keeping of DMA termination (bnc#1012382).\n\n - spi: bcm2835: Fix race on DMA termination (bnc#1012382).\n\n - spi: bcm2835: Unbreak the build of esoteric configs (bnc#1012382).\n\n - sr: pass down correctly sized SCSI sense buffer (bnc#1012382).\n\n - Staging: lustre: remove two build warnings (bnc#1012382).\n\n - staging: rts5208: fix gcc-8 logic error warning (bnc#1012382).\n\n - staging: speakup: Replace strncpy with memcpy (bnc#1012382).\n\n - sunrpc: Fix a bogus get/put in generic_key_to_expire() (bnc#1012382).\n\n - sunrpc: Fix a potential race in xprt_connect() (git-fixes).\n\n - sunrpc: fix cache_head leak due to queued request (bnc#1012382).\n\n - sunrpc: Fix leak of krb5p encode pages (bnc#1012382).\n\n - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).\n\n - swiotlb: clean up reporting (bnc#1012382).\n\n - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).\n\n - sysv: return 'err' instead of 0 in __sysv_write_inode (bnc#1012382).\n\n - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).\n\n - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).\n\n - tcp: fix NULL ref in tail loss probe (bnc#1012382).\n\n - timer/debug: Change /proc/timer_list from 0444 to 0400 (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).\n\n - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bnc#1012382).\n\n - tpm: fix response size validation in tpm_get_random() (bsc#1020645, git-fixes).\n\n - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).\n\n - tracing: Fix memory leak in set_trigger_filter() (bnc#1012382).\n\n - tracing: Fix memory leak of instance function hash filters (bnc#1012382).\n\n - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).\n\n - tty: serial: 8250_mtk: always resume the device in probe (bnc#1012382).\n\n - tty: wipe buffer (bnc#1012382).\n\n - tty: wipe buffer if not echoing data (bnc#1012382).\n\n - tun: forbid iface creation with rtnl ops (bnc#1012382).\n\n - unifdef: use memcpy instead of strncpy (bnc#1012382).\n\n - Update config files: disable f2fs in the rest configs (boo#1109665)\n\n - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bnc#1012382).\n\n - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382).\n\n - usb: appledisplay: Add 27' Apple Cinema Display (bnc#1012382).\n\n - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).\n\n - usb: check usb_get_extra_descriptor for proper size (bnc#1012382).\n\n - usb: core: Fix hub port connection events lost (bnc#1012382).\n\n - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bnc#1012382).\n\n - usb: gadget: dummy: fix nonsensical comparisons (bnc#1012382).\n\n - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (bnc#1012382).\n\n - usb: omap_udc: fix crashes on probe error and module removal (bnc#1012382).\n\n - usb: omap_udc: fix omap_udc_start() on 15xx machines (bnc#1012382).\n\n - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bnc#1012382).\n\n - usb: omap_udc: use devm_request_irq() (bnc#1012382).\n\n - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bnc#1012382).\n\n - usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() (bnc#1012382).\n\n - usb: serial: option: add Fibocom NL668 series (bnc#1012382).\n\n - usb: serial: option: add Fibocom NL678 series (bnc#1012382).\n\n - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bnc#1012382).\n\n - usb: serial: option: add HP lt4132 (bnc#1012382).\n\n - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bnc#1012382).\n\n - usb: serial: option: add Telit LN940 series (bnc#1012382).\n\n - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bnc#1012382).\n\n - usb: storage: add quirk for SMI SM3350 (bnc#1012382).\n\n - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382).\n\n - usb: usb-storage: Add new IDs to ums-realtek (bnc#1012382).\n\n - usb: xhci: fix timeout for transition from RExit to U0 (bnc#1012382).\n\n - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bnc#1012382).\n\n - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bnc#1012382).\n\n - v9fs_dir_readdir: fix double-free on p9stat_read error (bnc#1012382).\n\n - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n\n - vhost: make sure used idx is seen before log in vhost_add_used_n() (bnc#1012382).\n\n - virtio/s390: avoid race on vcdev->config (bnc#1012382).\n\n - virtio/s390: fix race in ccw_io_helper() (bnc#1012382).\n\n - VSOCK: Send reset control packet when socket is partially bound (bnc#1012382).\n\n - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).\n\n - x86/earlyprintk/efi: Fix infinite loop on some screen widths (bnc#1012382).\n\n - x86/entry: spell EBX register correctly in documentation (bnc#1012382).\n\n - x86/MCE: Export memory_error() (bsc#1114648).\n\n - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114648).\n\n - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bnc#1012382).\n\n - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).\n\n - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP (bnc#1012382).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/netback: dont overflow meta array (bnc#1099523).\n\n - xen/netfront: tolerate frags with no data (bnc#1012382).\n\n - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).\n\n - xen: xlate_mmu: add missing header to fix 'W=1' warning (bnc#1012382).\n\n - xfrm: Fix bucket count reported to userspace (bnc#1012382).\n\n - xfs: Align compat attrlist_by_handle with native implementation (git-fixes).\n\n - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).\n\n - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).\n\n - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bnc#1012382).\n\n - xhci: Prevent U1/U2 link pm states if exit latency is too long (bnc#1012382).\n\n - xprtrdma: Reset credit grant properly after a disconnect (git-fixes).\n\n - xtensa: enable coprocessors that are being flushed (bnc#1012382).\n\n - xtensa: fix coprocessor context offset definitions (bnc#1012382).\n\n - Yama: Check for pid death before checking ancestry (bnc#1012382).\n\n - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1120", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9568", "CVE-2019-3459", "CVE-2019-3460"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html"], "id": "OPENSUSE-2019-140.NASL", "href": "https://www.tenable.com/plugins/nessus/121633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-140.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121633);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-1120\", \"CVE-2018-16862\", \"CVE-2018-16884\", \"CVE-2018-19407\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-9568\", \"CVE-2019-3459\", \"CVE-2019-3460\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-140)\");\n script_summary(english:\"Check for the openSUSE-2019-140 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 Linux kernel was updated to 4.4.172 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-3459,CVE-2019-3460: Two remote information leak\n vulnerabilities in the Bluetooth stack were fixed that\n could potentially leak kernel information (bsc#1120758)\n\n - CVE-2018-19407: The vcpu_scan_ioapic function in\n arch/x86/kvm/x86.c allowed local users to cause a denial\n of service (NULL pointer dereference and BUG) via\n crafted system calls that reach a situation where ioapic\n is uninitialized (bnc#1116841).\n\n - CVE-2018-19985: The function hso_probe read if_num from\n the USB device (as an u8) and used it without a length\n check to index an array, resulting in an OOB memory read\n in hso_probe or hso _get_config_data that could be used\n by local attackers (bnc#1120743).\n\n - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a\n process's memory containing command line arguments (or\n environment strings), an attacker can cause utilities\n from psutils or procps (such as ps, w) or any other\n program which made a read() call to the\n /proc/<pid>/cmdline (or /proc/<pid>/environ) files to\n block indefinitely (denial of service) or for some\n controlled time (as a synchronization primitive for\n other attacks) (bnc#1087082).\n\n - CVE-2018-16884: NFS41+ shares mounted in different\n network namespaces at the same time can make\n bc_svc_process() use wrong back-channel IDs and cause a\n use-after-free vulnerability. Thus a malicious container\n user can cause a host kernel memory corruption and a\n system panic. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out (bnc#1119946).\n\n - CVE-2018-20169: The USB subsystem mishandled size checks\n during the reading of an extra descriptor, related to\n __usb_get_extra_descriptor in drivers/usb/core/usb.c\n (bnc#1119714).\n\n - CVE-2018-9568: In sk_clone_lock of sock.c, there is a\n possible memory corruption due to type confusion. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User interaction\n is not needed for exploitation. (bnc#1118319).\n\n - CVE-2018-16862: A security flaw was found in a way that\n the cleancache subsystem clears an inode after the final\n file truncation (removal). The new file created with the\n same inode may contain leftover pages from cleancache\n and the old file data instead of the new one\n (bnc#1117186).\n\n - CVE-2018-19824: A local user could exploit a\n use-after-free in the ALSA driver by supplying a\n malicious USB Sound device (with zero interfaces) that\n is mishandled in usb_audio_probe in sound/usb/card.c\n (bnc#1118152).\n\nThe following non-security bugs were fixed :\n\n - 9p/net: put a lower bound on msize (bnc#1012382).\n\n - ACPI/IORT: Fix iort_get_platform_device_domain()\n uninitialized pointer value (bsc#1121239).\n\n - acpi/nfit: Block function zero DSMs (bsc#1123321).\n\n - acpi/nfit: Fix command-supported detection\n (bsc#1123323).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine\n checks (bsc#1114648).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before\n using it (bsc#1114648).\n\n - acpi/power: Skip duplicate power resource references in\n _PRx (bnc#1012382).\n\n - acpi/processor: Fix the return value of\n acpi_processor_ids_walk() (git fixes (acpi)).\n\n - aio: fix spectre gadget in lookup_ioctx (bnc#1012382).\n\n - aio: hold an extra file reference over AIO read/write\n operations (bsc#1116027).\n\n - alsa: ac97: Fix incorrect bit shift at AC97-SPSA control\n write (bnc#1012382).\n\n - alsa: bebob: fix model-id of unit for Apogee Ensemble\n (bnc#1012382).\n\n - alsa: control: Fix race between adding and removing a\n user element (bnc#1012382).\n\n - alsa: cs46xx: Potential NULL dereference in probe\n (bnc#1012382).\n\n - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities\n (bnc#1012382).\n\n - alsa: emux: Fix potential Spectre v1 vulnerabilities\n (bnc#1012382).\n\n - alsa: hda: add mute LED support for HP EliteBook 840 G4\n (bnc#1012382).\n\n - alsa: hda: Add support for AMD Stoney Ridge\n (bnc#1012382).\n\n - alsa: hda/realtek - Disable headset Mic VREF for headset\n mode of ALC225 (bnc#1012382).\n\n - alsa: hda/tegra: clear pending irq handlers\n (bnc#1012382).\n\n - alsa: isa/wavefront: prevent some out of bound writes\n (bnc#1012382).\n\n - alsa: pcm: Call snd_pcm_unlink() conditionally at\n closing (bnc#1012382).\n\n - alsa: pcm: Fix interval evaluation with openmin/max\n (bnc#1012382).\n\n - alsa: pcm: Fix potential Spectre v1 vulnerability\n (bnc#1012382).\n\n - alsa: pcm: Fix starvation on down_write_nonblock()\n (bnc#1012382).\n\n - alsa: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command\n (bnc#1012382).\n\n - alsa: rme9652: Fix potential Spectre v1 vulnerability\n (bnc#1012382).\n\n - alsa: sparc: Fix invalid snd_free_pages() at error path\n (bnc#1012382).\n\n - alsa: trident: Suppress gcc string warning\n (bnc#1012382).\n\n - alsa: usb-audio: Avoid access before bLength check in\n build_audio_procunit() (bnc#1012382).\n\n - alsa: usb-audio: Fix an out-of-bound read in\n create_composite_quirks (bnc#1012382).\n\n - alsa: wss: Fix invalid snd_free_pages() at error path\n (bnc#1012382).\n\n - arc: change defconfig defaults to ARCv2 (bnc#1012382).\n\n - arc: [devboards] Add support of NFSv3 ACL (bnc#1012382).\n\n - arc: io.h: Implement reads(x)()/writes(x)()\n (bnc#1012382).\n\n - arm64: Do not trap host pointer auth use to EL2\n (bnc#1012382).\n\n - arm64/kvm: consistently handle host HCR_EL2 flags\n (bnc#1012382).\n\n - arm64: perf: set suppress_bind_attrs flag to true\n (bnc#1012382).\n\n - arm64: remove no-op -p linker flag (bnc#1012382).\n\n - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range()\n unaligned address handling (bnc#1012382).\n\n - arm: imx: update the cpu power up timing setting on\n i.mx6sx (bnc#1012382).\n\n - arm: kvm: fix building with gcc-8 (bsc#1121241).\n\n - arm: OMAP1: ams-delta: Fix possible use of uninitialized\n field (bnc#1012382).\n\n - arm: OMAP2+: prm44xx: Fix section annotation on\n omap44xx_prm_enable_io_wakeup (bnc#1012382).\n\n - ASoC: dapm: Recalculate audio map forcely when card\n instantiated (bnc#1012382).\n\n - ASoC: omap-dmic: Add pm_qos handling to avoid overruns\n with CPU_IDLE (bnc#1012382).\n\n - ASoC: omap-mcpdm: Add pm_qos handling to avoid\n under/overruns with CPU_IDLE (bnc#1012382).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ath10k: fix kernel panic due to race in accessing arvif\n list (bnc#1012382).\n\n - ax25: fix a use-after-free in ax25_fillin_cb()\n (bnc#1012382).\n\n - b43: Fix error in cordic routine (bnc#1012382).\n\n - batman-adv: Expand merged fragment buffer for full\n packet (bnc#1012382).\n\n - bfs: add sanity check at bfs_fill_super() (bnc#1012382).\n\n - block/loop: Use global lock for ioctl() operation\n (bnc#1012382).\n\n - block/swim3: Fix -EBUSY error when re-opening device\n after unmount (Git-fixes).\n\n - bnx2x: Assign unique DMAE channel number for FW DMAE\n transactions (bnc#1012382).\n\n - bonding: fix 802.3ad state sent to partner when\n unbinding slave (bnc#1012382).\n\n - bpf: fix check of allowed specifiers in bpf_trace_printk\n (bnc#1012382).\n\n - bpf: support 8-byte metafield access (bnc#1012382).\n\n - bpf, trace: check event type in bpf_perf_event_read\n (bsc#1119970).\n\n - bpf, trace: use READ_ONCE for retrieving file ptr\n (bsc#1119967).\n\n - bpf/verifier: Add spi variable to check_stack_write()\n (bnc#1012382).\n\n - bpf/verifier: Pass instruction index to\n check_mem_access() and check_xadd() (bnc#1012382).\n\n - btrfs: Always try all copies when reading extent buffers\n (bnc#1012382).\n\n - btrfs: ensure path name is null terminated at\n btrfs_control_ioctl (bnc#1012382).\n\n - btrfs: Fix memory barriers usage with device stats\n counters (git-fixes).\n\n - btrfs: fix use-after-free when dumping free space\n (bnc#1012382).\n\n - btrfs: Handle error from btrfs_uuid_tree_rem call in\n _btrfs_ioctl_set_received_subvol (git-fixes).\n\n - btrfs: release metadata before running delayed refs\n (bnc#1012382).\n\n - btrfs: send, fix infinite loop due to directory rename\n dependencies (bnc#1012382).\n\n - btrfs: tree-checker: Check level for leaves and nodes\n (bnc#1012382).\n\n - btrfs: tree-checker: Do not check max block group size\n as current max chunk size limit is unreliable (fixes for\n bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879\n bsc#1102882 bsc#1102896).\n\n - btrfs: tree-checker: Fix misleading group system\n information (bnc#1012382).\n\n - btrfs: tree-check: reduce stack consumption in\n check_dir_item (bnc#1012382).\n\n - btrfs: validate type when reading a chunk (bnc#1012382).\n\n - btrfs: wait on ordered extents on abort cleanup\n (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel\n if can_priv::echo_skb is accessed out of bounds\n (bnc#1012382).\n\n - can: dev: can_get_echo_skb(): factor out non sending\n code to __can_get_echo_skb() (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): print error message, if\n trying to echo non existing skb (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame\n by canfd_frame to access frame length (bnc#1012382).\n\n - can: gw: ensure DLC boundaries after CAN frame\n modification (bnc#1012382).\n\n - can: rcar_can: Fix erroneous registration (bnc#1012382).\n\n - cdc-acm: fix abnormal DATA RX issue for Mediatek\n Preloader (bnc#1012382).\n\n - ceph: do not update importing cap's mseq when handing\n cap export (bsc#1121275).\n\n - checkstack.pl: fix for aarch64 (bnc#1012382).\n\n - cifs: Do not hide EINTR after sending network packets\n (bnc#1012382).\n\n - cifs: Fix error mapping for SMB2_LOCK command which\n caused OFD lock problem (bnc#1012382).\n\n - cifs: Fix potential OOB access of lock element array\n (bnc#1012382).\n\n - cifs: Fix separator when building path from dentry\n (bnc#1012382).\n\n - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on\n legacy (insecure cifs) (bnc#1012382).\n\n - clk: imx6q: reset exclusive gates on init (bnc#1012382).\n\n - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382).\n\n - cpufeature: avoid warning when compiling with clang\n (Git-fixes).\n\n - cpufreq: imx6q: add return value check for voltage scale\n (bnc#1012382).\n\n - crypto: authencesn - Avoid twice completion call in\n decrypt path (bnc#1012382).\n\n - crypto: authenc - fix parsing key with misaligned\n rta_len (bnc#1012382).\n\n - crypto: cts - fix crash on short inputs (bnc#1012382).\n\n - crypto: user - support incremental algorithm dumps\n (bsc#1120902).\n\n - crypto: x86/chacha20 - avoid sleeping with preemption\n disabled (bnc#1012382).\n\n - cw1200: Do not leak memory if krealloc failes\n (bnc#1012382).\n\n - debugobjects: avoid recursive calls with kmemleak\n (bnc#1012382).\n\n - Disable MSI also when pcie-octeon.pcie_disable on\n (bnc#1012382).\n\n - disable stringop truncation warnings for now\n (bnc#1012382).\n\n - dlm: fixed memory leaks after failed ls_remove_names\n allocation (bnc#1012382).\n\n - dlm: lost put_lkb on error path in receive_convert() and\n receive_unlock() (bnc#1012382).\n\n - dlm: memory leaks on error path in dlm_user_request()\n (bnc#1012382).\n\n - dlm: possible memory leak on error path in create_lkb()\n (bnc#1012382).\n\n - dmaengine: at_hdmac: fix memory leak in at_dma_xlate()\n (bnc#1012382).\n\n - dmaengine: at_hdmac: fix module unloading (bnc#1012382).\n\n - dm cache metadata: ignore hints array being too small\n during resize (Git-fixes).\n\n - dm crypt: add cryptographic data integrity protection\n (authenticated encryption) (Git-fixes).\n\n - dm crypt: factor IV constructor out to separate function\n (Git-fixes).\n\n - dm crypt: fix crash by adding missing check for auth key\n size (git-fixes).\n\n - dm crypt: fix error return code in crypt_ctr()\n (git-fixes).\n\n - dm crypt: fix memory leak in crypt_ctr_cipher_old()\n (git-fixes).\n\n - dm crypt: introduce new format of cipher with 'capi:'\n prefix (Git-fixes).\n\n - dm crypt: wipe kernel key copy after IV initialization\n (Git-fixes).\n\n - dm: do not allow readahead to limit IO size (git fixes\n (readahead)).\n\n - dm kcopyd: Fix bug causing workqueue stalls\n (bnc#1012382).\n\n - dm-multipath: do not assign cmd_flags in setup_clone()\n (bsc#1103156).\n\n - dm snapshot: Fix excessive memory usage and workqueue\n stalls (bnc#1012382).\n\n - dm thin: stop no_space_timeout worker when switching to\n write-mode (Git-fixes).\n\n - drivers: hv: vmbus: check the creation_status in\n vmbus_establish_gpadl() (bsc#1104098).\n\n - drivers: hv: vmbus: Return -EINVAL for the sys files for\n unopened channels (bnc#1012382).\n\n - drivers/sbus/char: add of_node_put() (bnc#1012382).\n\n - drivers/tty: add missing of_node_put() (bnc#1012382).\n\n - drm/ast: change resolution may cause screen blurred\n (bnc#1012382).\n\n - drm/ast: fixed cursor may disappear sometimes\n (bnc#1012382).\n\n - drm/ast: fixed reading monitor EDID not stable issue\n (bnc#1012382).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1106929)\n\n - drm/fb-helper: Ignore the value of\n fb_var_screeninfo.pixclock (bsc#1106929)\n\n - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382).\n\n - drm/msm: Grab a vblank reference when waiting for\n commit_done (bnc#1012382).\n\n - drm: rcar-du: Fix external clock error checks\n (bsc#1106929)\n\n - drm: rcar-du: Fix vblank initialization (bsc#1106929)\n\n - e1000e: allow non-monotonic SYSTIM readings\n (bnc#1012382).\n\n - EDAC: Raise the maximum number of memory controllers\n (bsc#1120722).\n\n - efi/libstub/arm64: Use hidden attribute for struct\n screen_info reference (bsc#1122650).\n\n - exec: avoid gcc-8 warning for get_task_comm\n (bnc#1012382).\n\n - exportfs: do not read dentry after free (bnc#1012382).\n\n - ext2: fix potential use after free (bnc#1012382).\n\n - ext4: fix a potential fiemap/page fault deadlock w/\n inline_data (bnc#1012382).\n\n - ext4: Fix crash during online resizing (bsc#1122779).\n\n - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382).\n\n - ext4: fix possible use after free in ext4_quota_enable\n (bnc#1012382).\n\n - ext4: force inode writes when nfsd calls\n commit_metadata() (bnc#1012382).\n\n - ext4: missing unlock/put_page() in\n ext4_try_to_write_inline_data() (bnc#1012382).\n\n - f2fs: Add sanity_check_inode() function (bnc#1012382).\n\n - f2fs: avoid unneeded loop in build_sit_entries\n (bnc#1012382).\n\n - f2fs: check blkaddr more accuratly before issue a bio\n (bnc#1012382).\n\n - f2fs: clean up argument of recover_data (bnc#1012382).\n\n - f2fs: clean up with is_valid_blkaddr() (bnc#1012382).\n\n - f2fs: detect wrong layout (bnc#1012382).\n\n - f2fs: enhance sanity_check_raw_super() to avoid\n potential overflow (bnc#1012382).\n\n - f2fs: factor out fsync inode entry operations\n (bnc#1012382).\n\n - f2fs: fix inode cache leak (bnc#1012382).\n\n - f2fs: fix invalid memory access (bnc#1012382).\n\n - f2fs: fix missing up_read (bnc#1012382).\n\n - f2fs: fix to avoid reading out encrypted data in page\n cache (bnc#1012382).\n\n - f2fs: fix to convert inline directory correctly\n (bnc#1012382).\n\n - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack\n (bnc#1012382).\n\n - f2fs: fix to do sanity check with block address in main\n area (bnc#1012382).\n\n - f2fs: fix to do sanity check with block address in main\n area v2 (bnc#1012382).\n\n - f2fs: fix to do sanity check with cp_pack_start_sum\n (bnc#1012382).\n\n - f2fs: fix to do sanity check with node footer and\n iblocks (bnc#1012382).\n\n - f2fs: fix to do sanity check with reserved blkaddr of\n inline inode (bnc#1012382).\n\n - f2fs: fix to do sanity check with secs_per_zone\n (bnc#1012382).\n\n - f2fs: fix to do sanity check with user_block_count\n (bnc#1012382).\n\n - f2fs: fix validation of the block count in\n sanity_check_raw_super (bnc#1012382).\n\n - f2fs: free meta pages if sanity check for ckpt is failed\n (bnc#1012382).\n\n - f2fs: give -EINVAL for norecovery and rw mount\n (bnc#1012382).\n\n - f2fs: introduce and spread verify_blkaddr (bnc#1012382).\n\n - f2fs: introduce get_checkpoint_version for cleanup\n (bnc#1012382).\n\n - f2fs: move sanity checking of cp into\n get_valid_checkpoint (bnc#1012382).\n\n - f2fs: not allow to write illegal blkaddr (bnc#1012382).\n\n - f2fs: put directory inodes before checkpoint in\n roll-forward recovery (bnc#1012382).\n\n - f2fs: remove an obsolete variable (bnc#1012382).\n\n - f2fs: return error during fill_super (bnc#1012382).\n\n - f2fs: sanity check on sit entry (bnc#1012382).\n\n - f2fs: use crc and cp version to determine roll-forward\n recovery (bnc#1012382).\n\n - fbdev: fbcon: Fix unregister crash when more than one\n framebuffer (bsc#1106929)\n\n - fbdev: fbmem: behave better with small rotated displays\n and many CPUs (bsc#1106929)\n\n - fix fragmentation series\n\n - Fix problem with sharetransport= and NFSv4\n (bsc#1114893).\n\n - floppy: fix race condition in __floppy_read_block_0()\n (Git-fixes).\n\n - fork: record start_time late (bnc#1012382).\n\n - fscache, cachefiles: remove redundant variable 'cache'\n (bnc#1012382).\n\n - fscache: Fix race in fscache_op_complete() due to split\n atomic_sub & read (Git-fixes).\n\n - fscache: Pass the correct cancelled indications to\n fscache_op_complete() (Git-fixes).\n\n - genwqe: Fix size check (bnc#1012382).\n\n - gfs2: Do not leave s_fs_info pointing to freed memory in\n init_sbd (bnc#1012382).\n\n - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382).\n\n - git_sort.py: Remove non-existent remote tj/libata\n\n - gpiolib: Fix return value of gpio_to_desc() stub if\n !GPIOLIB (Git-fixes).\n\n - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK\n (bnc#1012382).\n\n - gro_cell: add napi_disable in gro_cells_destroy\n (bnc#1012382).\n\n - hfs: do not free node before using (bnc#1012382).\n\n - hfsplus: do not free node before using (bnc#1012382).\n\n - hpwdt add dynamic debugging (bsc#1114417).\n\n - hpwdt calculate reload value on each use (bsc#1114417).\n\n - hugetlbfs: fix bug in pgoff overflow checking\n (bnc#1012382).\n\n - hwmon: (ina2xx) Fix current value calculation\n (bnc#1012382).\n\n - hwmon: (w83795) temp4_type has writable permission\n (bnc#1012382).\n\n - hwpoison, memory_hotplug: allow hwpoisoned pages to be\n offlined (bnc#1116336).\n\n - i2c: axxia: properly handle master timeout\n (bnc#1012382).\n\n - i2c: dev: prevent adapter retries and timeout being set\n as minus value (bnc#1012382).\n\n - i2c: scmi: Fix probe error on devices with an empty\n SMB0001 ACPI device node (bnc#1012382).\n\n - ib/hfi1: Fix an out-of-bounds access in get_hw_stats ().\n\n - ibmveth: Do not process frames after calling\n napi_reschedule (bcs#1123357).\n\n - ibmveth: fix DMA unmap error in ibmveth_xmit_start error\n path (bnc#1012382).\n\n - ibmvnic: Add ethtool private flag for driver-defined\n queue limits (bsc#1121726).\n\n - ibmvnic: Convert reset work item mutex to spin lock ().\n\n - ibmvnic: Fix non-atomic memory allocation in IRQ context\n ().\n\n - ibmvnic: Increase maximum queue size limit\n (bsc#1121726).\n\n - ibmvnic: Introduce driver limits for ring sizes\n (bsc#1121726).\n\n - ide: pmac: add of_node_put() (bnc#1012382).\n\n - ieee802154: lowpan_header_create check must check daddr\n (bnc#1012382).\n\n - input: elan_i2c - add ACPI ID for Lenovo IdeaPad\n 330-15ARR (bnc#1012382).\n\n - input: elan_i2c - add ACPI ID for touchpad in ASUS\n Aspire F5-573G (bnc#1012382).\n\n - input: elan_i2c - add ELAN0620 to the ACPI table\n (bnc#1012382).\n\n - input: elan_i2c - add support for ELAN0621 touchpad\n (bnc#1012382).\n\n - input: matrix_keypad - check for errors from\n of_get_named_gpio() (bnc#1012382).\n\n - input: omap-keypad - fix idle configuration to not block\n SoC idle states (bnc#1012382).\n\n - input: omap-keypad - fix keyboard debounce configuration\n (bnc#1012382).\n\n - input: restore EV_ABS ABS_RESERVED (bnc#1012382).\n\n - input: xpad - add GPD Win 2 Controller USB IDs\n (bnc#1012382).\n\n - input: xpad - add Mad Catz FightStick TE 2 VID/PID\n (bnc#1012382).\n\n - input: xpad - add more third-party controllers\n (bnc#1012382).\n\n - input: xpad - add PDP device id 0x02a4 (bnc#1012382).\n\n - input: xpad - add product ID for Xbox One S pad\n (bnc#1012382).\n\n - input: xpad - add support for PDP Xbox One controllers\n (bnc#1012382).\n\n - input: xpad - add support for Xbox1 PDP Camo series\n gamepad (bnc#1012382).\n\n - input: xpad - add USB IDs for Mad Catz Brawlstick and\n Razer Sabertooth (bnc#1012382).\n\n - input: xpad - avoid using __set_bit() for capabilities\n (bnc#1012382).\n\n - input: xpad - constify usb_device_id (bnc#1012382).\n\n - input: xpad - correctly sort vendor id's (bnc#1012382).\n\n - input: xpad - correct xbox one pad device name\n (bnc#1012382).\n\n - input: xpad - do not depend on endpoint order\n (bnc#1012382).\n\n - input: xpad - fix GPD Win 2 controller name\n (bnc#1012382).\n\n - input: xpad - fix PowerA init quirk for some gamepad\n models (bnc#1012382).\n\n - input: xpad - fix rumble on Xbox One controllers with\n 2015 firmware (bnc#1012382).\n\n - input: xpad - fix some coding style issues\n (bnc#1012382).\n\n - input: xpad - fix stuck mode button on Xbox One S pad\n (bnc#1012382).\n\n - input: xpad - fix Xbox One rumble stopping after 2.5\n secs (bnc#1012382).\n\n - input: xpad - handle 'present' and 'gone' correctly\n (bnc#1012382).\n\n - input: xpad - move reporting xbox one home button to\n common function (bnc#1012382).\n\n - input: xpad - power off wireless 360 controllers on\n suspend (bnc#1012382).\n\n - input: xpad - prevent spurious input from wired Xbox 360\n controllers (bnc#1012382).\n\n - input: xpad - quirk all PDP Xbox One gamepads\n (bnc#1012382).\n\n - input: xpad - remove spurious events of wireless xpad\n 360 controller (bnc#1012382).\n\n - input: xpad - remove unused function (bnc#1012382).\n\n - input: xpad - restore LED state after device resume\n (bnc#1012382).\n\n - input: xpad - simplify error condition in init_output\n (bnc#1012382).\n\n - input: xpad - sort supported devices by USB ID\n (bnc#1012382).\n\n - input: xpad - support some quirky Xbox One pads\n (bnc#1012382).\n\n - input: xpad - sync supported devices with 360Controller\n (bnc#1012382).\n\n - input: xpad - sync supported devices with XBCD\n (bnc#1012382).\n\n - input: xpad - sync supported devices with xboxdrv\n (bnc#1012382).\n\n - input: xpad - update Xbox One Force Feedback Support\n (bnc#1012382).\n\n - input: xpad - use LED API when identifying wireless\n controllers (bnc#1012382).\n\n - input: xpad - validate USB endpoint type during probe\n (bnc#1012382).\n\n - input: xpad - workaround dead irq_out after suspend/\n resume (bnc#1012382).\n\n - input: xpad - xbox one elite controller support\n (bnc#1012382).\n\n - intel_th: msu: Fix an off-by-one in attribute store\n (bnc#1012382).\n\n - iommu/amd: Call free_iova_fast with pfn in map_sg\n (bsc#1106105).\n\n - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n\n - iommu/amd: Fix IOMMU page flush when detach device from\n a domain (bsc#1106105).\n\n - iommu/amd: Unmap all mapped pages in error path of\n map_sg (bsc#1106105).\n\n - iommu/vt-d: Fix memory leak in\n intel_iommu_put_resv_regions() (bsc#1106105).\n\n - iommu/vt-d: Handle domain agaw being less than iommu\n agaw (bsc#1106105).\n\n - ip6mr: Fix potential Spectre v1 vulnerability\n (bnc#1012382).\n\n - ipmi:ssif: Fix handling of multi-part return messages\n (bnc#1012382).\n\n - ip: on queued skb use skb_header_pointer instead of\n pskb_may_pull (bnc#1012382).\n\n - ip_tunnel: Fix name string concatenate in\n __ip_tunnel_create() (bnc#1012382).\n\n - ipv4: Fix potential Spectre v1 vulnerability\n (bnc#1012382).\n\n - ipv4: ipv6: netfilter: Adjust the frag mem limit when\n truesize changes (bsc#1110286).\n\n - ipv6: Check available headroom in ip6_xmit() even\n without options (bnc#1012382).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to\n a v4 mapped address (bnc#1012382).\n\n - ipv6: explicitly initialize udp6_addr in\n udp_sock_create6() (bnc#1012382).\n\n - ipv6: fix kernel-infoleak in ipv6_local_error()\n (bnc#1012382).\n\n - ipv6: Take rcu_read_lock in __inet6_bind for mapped\n addresses (bnc#1012382).\n\n - isdn: fix kernel-infoleak in capi_unlocked_ioctl\n (bnc#1012382).\n\n - iser: set sector for ambiguous mr status errors\n (bnc#1012382).\n\n - iwlwifi: mvm: fix regulatory domain update when the\n firmware starts (bnc#1012382).\n\n - iwlwifi: mvm: support sta_statistics() even on older\n firmware (bnc#1012382).\n\n - ixgbe: Add function for checking to see if we can reuse\n page (bsc#1100105).\n\n - ixgbe: Add support for build_skb (bsc#1100105).\n\n - ixgbe: Add support for padding packet (bsc#1100105).\n\n - ixgbe: Break out Rx buffer page management\n (bsc#1100105).\n\n - ixgbe: Fix output from ixgbe_dump (bsc#1100105).\n\n - ixgbe: fix possible race in reset subtask (bsc#1101557).\n\n - ixgbe: Make use of order 1 pages and 3K buffers\n independent of FCoE (bsc#1100105).\n\n - ixgbe: Only DMA sync frame length (bsc#1100105).\n\n - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps\n (bnc#1012382).\n\n - ixgbe: Refactor queue disable logic to take completion\n time into account (bsc#1101557).\n\n - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to\n stop device (bsc#1101557).\n\n - ixgbe: Update code to better handle incrementing page\n count (bsc#1100105).\n\n - ixgbe: Update driver to make use of DMA attributes in Rx\n path (bsc#1100105).\n\n - ixgbe: Use length to determine if descriptor is done\n (bsc#1100105).\n\n - jffs2: Fix use of uninitialized delayed_work, lockdep\n breakage (bnc#1012382).\n\n - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages\n to be offlined (bnc#1116336).\n\n - kabi: reorder new slabinfo fields in struct\n kmem_cache_node (bnc#1116653).\n\n - kbuild: suppress packed-not-aligned warning for default\n setting only (bnc#1012382).\n\n - kconfig: fix file name and line number of\n warn_ignored_character() (bnc#1012382).\n\n - kconfig: fix memory leak when EOF is encountered in\n quotation (bnc#1012382).\n\n - kdb: use memmove instead of overlapping memcpy\n (bnc#1012382).\n\n - kdb: Use strscpy with destination buffer size\n (bnc#1012382).\n\n - kernfs: Replace strncpy with memcpy (bnc#1012382).\n\n - kgdboc: fix KASAN global-out-of-bounds bug in\n param_set_kgdboc_var() (bnc#1012382).\n\n - kgdboc: Fix restrict error (bnc#1012382).\n\n - kgdboc: Fix warning with module build (bnc#1012382).\n\n - kobject: Replace strncpy with memcpy (bnc#1012382).\n\n - kvm/arm64: Fix caching of host MDCR_EL2 value\n (bsc#1121242).\n\n - kvm/arm: Restore banked registers and physical timer\n access on hyp_panic() (bsc#1121240).\n\n - kvm/mmu: Fix race in emulated page table writes\n (bnc#1012382).\n\n - kvm/nVMX: Eliminate vmcs02 pool (bnc#1012382).\n\n - kvm/nVMX: mark vmcs12 pages dirty on L2 exit\n (bnc#1012382).\n\n - kvm/PPC: Move and undef TRACE_INCLUDE_PATH/FILE\n (bnc#1012382).\n\n - kvm/svm: Allow direct access to MSR_IA32_SPEC_CTRL\n (bnc#1012382 bsc#1068032).\n\n - kvm/svm: Ensure an IBPB on all affected CPUs when\n freeing a vmcb (bsc#1114648).\n\n - kvm/VMX: Allow direct access to MSR_IA32_SPEC_CTRL\n (bnc#1012382 bsc#1068032 bsc#1096242 bsc#1096281).\n\n - kvm/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES\n (bnc#1012382).\n\n - kvm/VMX: introduce alloc_loaded_vmcs (bnc#1012382).\n\n - kvm/VMX: make MSR bitmaps per-VCPU (bnc#1012382).\n\n - kvm/x86: Add IBPB support (bnc#1012382 bsc#1068032\n bsc#1068032).\n\n - kvm/x86: fix empty-body warnings (bnc#1012382).\n\n - kvm/x86: Remove indirect MSR op calls from SPEC_CTRL\n (bnc#1012382).\n\n - kvm/x86: Use jmp to invoke kvm_spurious_fault() from\n .fixup (bnc#1012382).\n\n - leds: call led_pwm_set() in leds-pwm to enforce default\n LED_OFF (bnc#1012382).\n\n - leds: leds-gpio: Fix return value check in\n create_gpio_led() (bnc#1012382).\n\n - leds: turn off the LED and wait for completion on\n unregistering LED class device (bnc#1012382).\n\n - libata: whitelist all SAMSUNG MZ7KM* solid-state disks\n (bnc#1012382).\n\n - libceph: fall back to sendmsg for slab pages\n (bsc#1118316).\n\n - libfc: sync strings with upstream versions\n (bsc#1114763).\n\n - lib/interval_tree_test.c: allow full tree search\n (bnc#1012382).\n\n - lib/interval_tree_test.c: allow users to limit scope of\n endpoint (bnc#1012382).\n\n - lib/interval_tree_test.c: make test options module\n parameters (bnc#1012382).\n\n - libnvdimm, (btt, blk): do integrity setup before\n add_disk() (bsc#1118926).\n\n - libnvdimm, dimm: fix dpa reservation vs uninitialized\n label area (bsc#1118936).\n\n - libnvdimm: fix integer overflow static analysis warning\n (bsc#1118922).\n\n - libnvdimm: fix nvdimm_bus_lock() vs device_lock()\n ordering (bsc#1118915).\n\n - lib/rbtree_test.c: make input module parameters\n (bnc#1012382).\n\n - lib/rbtree-test: lower default params (bnc#1012382).\n\n - llc: do not use sk_eat_skb() (bnc#1012382).\n\n - loop: Fix double mutex_unlock(&loop_ctl_mutex) in\n loop_control_ioctl() (bnc#1012382).\n\n - loop: Fold __loop_release into loop_release\n (bnc#1012382).\n\n - loop: Get rid of loop_index_mutex (bnc#1012382).\n\n - LSM: Check for NULL cred-security on free (bnc#1012382).\n\n - mac80211: Clear beacon_int in ieee80211_do_stop\n (bnc#1012382).\n\n - mac80211: fix reordering of buffered broadcast packets\n (bnc#1012382).\n\n - mac80211_hwsim: fix module init error paths for netlink\n (bnc#1012382).\n\n - mac80211_hwsim: Timer should be initialized before\n device registered (bnc#1012382).\n\n - mac80211: ignore NullFunc frames in the duplicate\n detection (bnc#1012382).\n\n - mac80211: ignore tx status for PS stations in\n ieee80211_tx_status_ext (bnc#1012382).\n\n - matroxfb: fix size of memcpy (bnc#1012382).\n\n - md: batch flush requests (bsc#1119680).\n\n - md: do not check MD_SB_CHANGE_CLEAN in md_allow_write\n (Git-fixes).\n\n - media: dvb-frontends: fix i2c access helpers for KASAN\n (bnc#1012382).\n\n - media: em28xx: Fix misplaced reset of\n dev->v4l::field_count (bnc#1012382).\n\n - media: em28xx: Fix use-after-free when disconnecting\n (bnc#1012382).\n\n - media: firewire: Fix app_info parameter type in\n avc_ca(,_app)_info (bnc#1012382).\n\n - media: vb2: be sure to unlock mutex on errors\n (bnc#1012382).\n\n - media: vb2: vb2_mmap: move lock up (bnc#1012382).\n\n - media: vivid: fix error handling of kthread_run\n (bnc#1012382).\n\n - media: vivid: free bitmap_cap when updating\n std/timings/etc (bnc#1012382).\n\n - media: vivid: set min width/height to a value > 0\n (bnc#1012382).\n\n - mfd: tps6586x: Handle interrupts on suspend\n (bnc#1012382).\n\n - mips: Align kernel load address to 64KB (bnc#1012382).\n\n - mips: Ensure pmd_present() returns false after\n pmd_mknotpresent() (bnc#1012382).\n\n - mips: fix mips_get_syscall_arg o32 check (bnc#1012382).\n\n - mips: fix n32 compat_ipc_parse_version (bnc#1012382).\n\n - mips: ralink: Fix mt7620 nd_sd pinmux (bnc#1012382).\n\n - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and\n BigSur (bnc#1012382).\n\n - misc: mic/scif: fix copy-paste error in\n scif_create_remote_lookup (bnc#1012382).\n\n - mmc: atmel-mci: do not assume idle after\n atmci_request_end (bnc#1012382).\n\n - mmc: core: Reset HPI enabled state during re-init and in\n case of errors (bnc#1012382).\n\n - mm: cleancache: fix corruption on missed inode\n invalidation (bnc#1012382).\n\n - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310\n (bnc#1012382).\n\n - mmc: omap_hsmmc: fix DMA API warning (bnc#1012382).\n\n - mm, devm_memremap_pages: kill mapping 'System RAM'\n support (bnc#1012382).\n\n - mm: do not miss the last page because of round-off error\n (bnc#1118798).\n\n - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204).\n\n - mm: hwpoison: call shake_page() after try_to_unmap() for\n mlocked page (bnc#1116336).\n\n - mm: lower the printk loglevel for __dump_page messages\n (generic hotplug debugability).\n\n - mm, memory_hotplug: be more verbose for memory offline\n failures (generic hotplug debugability).\n\n - mm, memory_hotplug: drop pointless block alignment\n checks from __offline_pages (generic hotplug\n debugability).\n\n - mm, memory_hotplug: print reason for the offlining\n failure (generic hotplug debugability).\n\n - mm: mlock: avoid increase mm->locked_vm on mlock() when\n already mlock2(,MLOCK_ONFAULT) (bnc#1012382).\n\n - mm/nommu.c: Switch __get_user_pages_unlocked() to use\n __get_user_pages() (bnc#1012382).\n\n - mm: only report isolation failures when offlining memory\n (generic hotplug debugability).\n\n - mm/page-writeback.c: do not break integrity writeback on\n ->writepage() error (bnc#1012382).\n\n - mm: Preserve _PAGE_DEVMAP across mprotect() calls\n (bsc#1118790).\n\n - mm: print more information about mapping in __dump_page\n (generic hotplug debugability).\n\n - mm, proc: be more verbose about unstable VMA flags in\n /proc/<pid>/smaps (bnc#1012382).\n\n - mm: put_and_wait_on_page_locked() while page is migrated\n (bnc#1109272).\n\n - mm: remove write/force parameters from\n __get_user_pages_locked() (bnc#1012382 bsc#1027260).\n\n - mm: remove write/force parameters from\n __get_user_pages_unlocked() (bnc#1012382 bsc#1027260).\n\n - mm: replace __access_remote_vm() write parameter with\n gup_flags (bnc#1012382).\n\n - mm: replace access_remote_vm() write parameter with\n gup_flags (bnc#1012382).\n\n - mm: replace get_user_pages_locked() write/force\n parameters with gup_flags (bnc#1012382 bsc#1027260).\n\n - mm: replace get_user_pages_unlocked() write/force\n parameters with gup_flags (bnc#1012382 bsc#1027260).\n\n - mm: replace get_user_pages() write/force parameters with\n gup_flags (bnc#1012382 bsc#1027260).\n\n - mm: replace get_vaddr_frames() write/force parameters\n with gup_flags (bnc#1012382).\n\n - mm, slab: faster active and free stats (bsc#116653, VM\n Performance).\n\n - mm/slab: improve performance of gathering slabinfo stats\n (bsc#116653, VM Performance).\n\n - mm, slab: maintain total slab count instead of active\n count (bsc#116653, VM Performance).\n\n - Move patches to sorted range, p1\n\n - mv88e6060: disable hardware level MAC learning\n (bnc#1012382).\n\n - mwifiex: Fix NULL pointer dereference in skb_dequeue()\n (bnc#1012382).\n\n - mwifiex: fix p2p device does not find in scan problem\n (bnc#1012382).\n\n - namei: allow restricted O_CREAT of FIFOs and regular\n files (bnc#1012382).\n\n - neighbour: Avoid writing before skb->head in\n neigh_hh_output() (bnc#1012382).\n\n - net: 8139cp: fix a BUG triggered by changing mtu with\n network traffic (bnc#1012382).\n\n - net: amd: add missing of_node_put() (bnc#1012382).\n\n - net: bcmgenet: fix OF child-node lookup (bnc#1012382).\n\n - net: bridge: fix a bug on using a neighbour cache entry\n without checking its state (bnc#1012382).\n\n - net: call sk_dst_reset when set SO_DONTROUTE\n (bnc#1012382).\n\n - net: ena: fix crash during ena_remove() (bsc#1108240).\n\n - net: ena: update driver version from 2.0.1 to 2.0.2\n (bsc#1108240).\n\n - net: faraday: ftmac100: remove netif_running(netdev)\n check before disabling interrupts (bnc#1012382).\n\n - netfilter: nf_tables: fix oops when inserting an element\n into a verdict map (bnc#1012382).\n\n - net: hisilicon: remove unexpected free_netdev\n (bnc#1012382).\n\n - net/ibmvnic: Fix RTNL deadlock during device reset\n (bnc#1115431).\n\n - net: ipv4: do not handle duplicate fragments as\n overlapping (bsc#1116345).\n\n - net/mlx4_core: Correctly set PFC param if global pause\n is turned off (bsc#1015336 bsc#1015337 bsc#1015340).\n\n - net/mlx4_core: Fix uninitialized variable compilation\n warning (bnc#1012382).\n\n - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw\n command (bnc#1012382).\n\n - net/mlx4: Fix UBSAN warning of signed integer overflow\n (bnc#1012382).\n\n - net: phy: do not allow __set_phy_supported to add\n unsupported modes (bnc#1012382).\n\n - net: Prevent invalid access to skb->prev in\n __qdisc_drop_all (bnc#1012382).\n\n - netrom: fix locking in nr_find_socket() (bnc#1012382).\n\n - net: speed up skb_rbtree_purge() (bnc#1012382).\n\n - net: thunderx: fix NULL pointer dereference in\n nic_remove (bnc#1012382).\n\n - nfc: nfcmrvl_uart: fix OF child-node lookup\n (bnc#1012382).\n\n - nfit: skip region registration for incomplete control\n regions (bsc#1118930).\n\n - nfsv4: Do not exit the state manager without clearing\n NFS4CLNT_MANAGER_RUNNING (git-fixes).\n\n - nvme: validate controller state before rescheduling keep\n alive (bsc#1103257).\n\n - ocfs2: fix deadlock caused by ocfs2_defrag_extent()\n (bnc#1012382).\n\n - ocfs2: fix panic due to unrecovered local alloc\n (bnc#1012382).\n\n - ocfs2: fix potential use after free (bnc#1012382).\n\n - of: add helper to lookup compatible child node\n (bnc#1012382).\n\n - omap2fb: Fix stack memory disclosure (bsc#1106929)\n\n - packet: Do not leak dev refcounts on error exit\n (bnc#1012382).\n\n - packet: validate address length (bnc#1012382).\n\n - packet: validate address length if non-zero\n (bnc#1012382).\n\n - pci: altera: Check link status before retrain link\n (bnc#1012382).\n\n - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).\n\n - pci: altera: Move retrain from fixup to\n altera_pcie_host_init() (bnc#1012382).\n\n - pci: altera: Poll for link training status after\n retraining the link (bnc#1012382).\n\n - pci: altera: Poll for link up status after retraining\n the link (bnc#1012382).\n\n - pci: altera: Reorder read/write functions (bnc#1012382).\n\n - pci: altera: Rework config accessors for use without a\n struct pci_bus (bnc#1012382).\n\n - perf/bpf: Convert perf_event_array to use struct file\n (bsc#1119967).\n\n - perf intel-pt: Fix error with config term 'pt=0'\n (bnc#1012382).\n\n - perf parse-events: Fix unchecked usage of strncpy()\n (bnc#1012382).\n\n - perf pmu: Suppress potential format-truncation warning\n (bnc#1012382).\n\n - perf svghelper: Fix unchecked usage of strncpy()\n (bnc#1012382).\n\n - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11\n (bnc#1012382).\n\n - platform/x86: asus-wmi: Tell the EC the OS will handle\n the display off hotkey (bnc#1012382).\n\n - powerpc/64s: consolidate MCE counter increment\n (bsc#1094244).\n\n - powerpc/boot: Fix random libfdt related build errors\n (bnc#1012382).\n\n - powerpc/boot: Request no dynamic linker for boot wrapper\n (bsc#1070805).\n\n - powerpc/cacheinfo: Report the correct shared_cpu_map on\n big-cores (bsc#1109695).\n\n - powerpc: Detect the presence of big-cores via 'ibm,\n thread-groups' (bsc#1109695).\n\n - powerpc: Fix COFF zImage booting on old powermacs\n (bnc#1012382).\n\n - powerpc, hotplug: Avoid to touch non-existent cpumasks\n (bsc#1109695).\n\n - powerpc: make use of for_each_node_by_type() instead of\n open-coding it (bsc#1109695).\n\n - powerpc/msi: Fix NULL pointer access in teardown code\n (bnc#1012382).\n\n - powerpc/numa: Suppress 'VPHN is not supported' messages\n (bnc#1012382).\n\n - powerpc/pseries/cpuidle: Fix preempt warning\n (bnc#1012382).\n\n - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n\n - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n\n - powerpc/smp: Add Power9 scheduler topology\n (bsc#1109695).\n\n - powerpc/smp: Rework CPU topology construction\n (bsc#1109695).\n\n - powerpc/smp: Use cpu_to_chip_id() to find core siblings\n (bsc#1109695).\n\n - powerpc/traps: restore recoverability of machine_check\n interrupts (bsc#1094244).\n\n - powerpc: Use cpu_smallcore_sibling_mask at SMT level on\n bigcores (bsc#1109695).\n\n - powerpc/xmon: Fix invocation inside lock region\n (bsc#1122885).\n\n - power: supply: olpc_battery: correct the temperature\n units (bnc#1012382).\n\n - proc: Remove empty line in /proc/self/status\n (bnc#1012382 bsc#1094823).\n\n - pstore: Convert console write to use ->write_buf\n (bnc#1012382).\n\n - pstore/ram: Do not treat empty buffers as valid\n (bnc#1012382).\n\n - qed: Fix bitmap_weight() check (bsc#1019695).\n\n - qed: Fix PTT leak in qed_drain() (bnc#1012382).\n\n - qed: Fix QM getters to always return a valid pq\n (bsc#1019695 ).\n\n - qed: Fix reading wrong value in loop condition\n (bnc#1012382).\n\n - r8169: Add support for new Realtek Ethernet\n (bnc#1012382).\n\n - rapidio/rionet: do not free skb before reading its\n length (bnc#1012382).\n\n - Refresh\n patches.kabi/x86-cpufeature-preserve-numbers.patch.\n (bsc#1122651)\n\n - Revert 'drm/rockchip: Allow driver to be shutdown on\n reboot/kexec' (bsc#1106929)\n\n - Revert 'exec: avoid gcc-8 warning for get_task_comm'\n (kabi).\n\n - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable\n systems' (bsc#1106105).\n\n - Revert 'PCI/ASPM: Do not initialize link state when\n aspm_disabled is set' (bsc#1106105).\n\n - Revert 'usb: musb: musb_host: Enable HCD_BH flag to\n handle urb return in bottom half' (bsc#1047487).\n\n - Revert 'wlcore: Add missing PM call for\n wlcore_cmd_wait_for_event_or_timeout()' (bnc#1012382).\n\n - rocker: fix rocker_tlv_put_* functions for KASAN\n (bnc#1012382).\n\n - rtc: snvs: add a missing write sync (bnc#1012382).\n\n - rtc: snvs: Add timeouts to avoid kernel lockups\n (bnc#1012382).\n\n - rtnetlink: ndo_dflt_fdb_dump() only work for\n ARPHRD_ETHER devices (bnc#1012382).\n\n - s390/cpum_cf: Reject request for sampling in event\n initialization (bnc#1012382).\n\n - s390/mm: Check for valid vma before zapping in\n gmap_discard (bnc#1012382).\n\n - s390/qeth: fix length check in SNMP processing\n (bnc#1012382).\n\n - sbus: char: add of_node_put() (bnc#1012382).\n\n - scsi: bfa: convert to strlcpy/strlcat (bnc#1012382\n bsc#1019683, ).\n\n - scsi: bnx2fc: Fix NULL dereference in error handling\n (bnc#1012382).\n\n - scsi: Create two versions of\n scsi_internal_device_unblock() (bsc#1119877).\n\n - scsi: csiostor: Avoid content leaks and casts\n (bnc#1012382).\n\n - scsi: Introduce scsi_start_queue() (bsc#1119877).\n\n - scsi: libiscsi: Fix NULL pointer dereference in\n iscsi_eh_session_reset (bnc#1012382).\n\n - scsi: lpfc: Add Buffer overflow check, when nvme_info\n larger than PAGE_SIZE (bsc#1102660).\n\n - scsi: lpfc: devloss timeout race condition caused NULL\n pointer reference (bsc#1102660).\n\n - scsi: lpfc: Fix abort error path for NVMET\n (bsc#1102660).\n\n - scsi: lpfc: fix block guard enablement on SLI3 adapters\n (bsc#1079935).\n\n - scsi: lpfc: Fix driver crash when re-registering NVME\n rports (bsc#1102660).\n\n - scsi: lpfc: Fix ELS abort on SLI-3 adapters\n (bsc#1102660).\n\n - scsi: lpfc: Fix list corruption on the completion queue\n (bsc#1102660).\n\n - scsi: lpfc: Fix NVME Target crash in defer rcv logic\n (bsc#1102660).\n\n - scsi: lpfc: Fix panic if driver unloaded when port is\n offline (bsc#1102660).\n\n - scsi: lpfc: update driver version to 11.4.0.7-5\n (bsc#1102660).\n\n - scsi: Make __scsi_remove_device go straight from BLOCKED\n to DEL (bsc#1119877).\n\n - scsi: megaraid: fix out-of-bound array accesses\n (bnc#1012382).\n\n - scsi: Protect SCSI device state changes with a mutex\n (bsc#1119877).\n\n - scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig\n (bsc#1043083).\n\n - scsi: Re-export scsi_internal_device_(,un)_block()\n (bsc#1119877).\n\n - scsi: sd: Fix cache_type_store() (bnc#1012382).\n\n - scsi: Split scsi_internal_device_block() (bsc#1119877).\n\n - scsi: target: add emulate_pr backstore attr to toggle PR\n support (bsc#1091405).\n\n - scsi: target: drop unused pi_prot_format attribute\n storage (bsc#1091405).\n\n - scsi: target: use consistent left-aligned ASCII INQUIRY\n data (bnc#1012382).\n\n - scsi: ufs: fix bugs related to NULL pointer access and\n array size (bnc#1012382).\n\n - scsi: ufs: fix race between clock gating and devfreq\n scaling work (bnc#1012382).\n\n - scsi: ufshcd: Fix race between clk scaling and ungate\n work (bnc#1012382).\n\n - scsi: ufshcd: release resources if probe fails\n (bnc#1012382).\n\n - scsi: use 'inquiry_mutex' instead of 'state_mutex'\n (bsc#1119877).\n\n - scsi: vmw_pscsi: Rearrange code to avoid multiple calls\n to free_irq during unload (bnc#1012382).\n\n - scsi: zfcp: fix posting too many status read buffers\n leading to adapter shutdown (bnc#1012382).\n\n - sctp: allocate sctp_sockaddr_entry with kzalloc\n (bnc#1012382).\n\n - sctp: clear the transport of some out_chunk_list chunks\n in sctp_assoc_rm_peer (bnc#1012382).\n\n - sctp: initialize sin6_flowinfo for ipv6 addrs in\n sctp_inet6addr_event (bnc#1012382).\n\n - selftests: Move networking/timestamping from\n Documentation (bnc#1012382).\n\n - selinux: fix GPF on invalid policy (bnc#1012382).\n\n - seq_file: fix incomplete reset on read from zero offset\n (Git-fixes).\n\n - series.conf: Move\n 'patches.fixes/aio-hold-an-extra-file-reference-over-AIO\n -read-write.patch' into sorted section.\n\n - slab: alien caches must not be initialized if the\n allocation of the alien cache failed (bnc#1012382).\n\n - sock: Make sock->sk_stamp thread-safe (bnc#1012382).\n\n - spi: bcm2835: Avoid finishing transfer prematurely in\n IRQ mode (bnc#1012382).\n\n - spi: bcm2835: Fix book-keeping of DMA termination\n (bnc#1012382).\n\n - spi: bcm2835: Fix race on DMA termination (bnc#1012382).\n\n - spi: bcm2835: Unbreak the build of esoteric configs\n (bnc#1012382).\n\n - sr: pass down correctly sized SCSI sense buffer\n (bnc#1012382).\n\n - Staging: lustre: remove two build warnings\n (bnc#1012382).\n\n - staging: rts5208: fix gcc-8 logic error warning\n (bnc#1012382).\n\n - staging: speakup: Replace strncpy with memcpy\n (bnc#1012382).\n\n - sunrpc: Fix a bogus get/put in generic_key_to_expire()\n (bnc#1012382).\n\n - sunrpc: Fix a potential race in xprt_connect()\n (git-fixes).\n\n - sunrpc: fix cache_head leak due to queued request\n (bnc#1012382).\n\n - sunrpc: Fix leak of krb5p encode pages (bnc#1012382).\n\n - sunrpc: handle ENOMEM in rpcb_getport_async\n (bnc#1012382).\n\n - swiotlb: clean up reporting (bnc#1012382).\n\n - sysfs: Disable lockdep for driver bind/unbind files\n (bnc#1012382).\n\n - sysv: return 'err' instead of 0 in __sysv_write_inode\n (bnc#1012382).\n\n - target/iscsi: avoid NULL dereference in CHAP auth error\n path (bsc#1117165).\n\n - target: se_dev_attrib.emulate_pr ABI stability\n (bsc#1091405).\n\n - tcp: fix NULL ref in tail loss probe (bnc#1012382).\n\n - timer/debug: Change /proc/timer_list from 0444 to 0400\n (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_bearer_enable\n (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_doit\n (bnc#1012382).\n\n - tipc: fix uninit-value in\n tipc_nl_compat_link_reset_stats (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_link_set\n (bnc#1012382).\n\n - tipc: fix uninit-value in tipc_nl_compat_name_table_dump\n (bnc#1012382).\n\n - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with\n a negative offset (bnc#1012382).\n\n - tpm: fix response size validation in tpm_get_random()\n (bsc#1020645, git-fixes).\n\n - tracing: Fix bad use of igrab in trace_uprobe.c\n (bsc#1120046).\n\n - tracing: Fix memory leak in set_trigger_filter()\n (bnc#1012382).\n\n - tracing: Fix memory leak of instance function hash\n filters (bnc#1012382).\n\n - tty/ldsem: Wake up readers after timed out down_write()\n (bnc#1012382).\n\n - tty: serial: 8250_mtk: always resume the device in probe\n (bnc#1012382).\n\n - tty: wipe buffer (bnc#1012382).\n\n - tty: wipe buffer if not echoing data (bnc#1012382).\n\n - tun: forbid iface creation with rtnl ops (bnc#1012382).\n\n - unifdef: use memcpy instead of strncpy (bnc#1012382).\n\n - Update config files: disable f2fs in the rest configs\n (boo#1109665)\n\n - uprobes: Fix handle_swbp() vs. unregister() + register()\n race once more (bnc#1012382).\n\n - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70\n RGB (bnc#1012382).\n\n - usb: appledisplay: Add 27' Apple Cinema Display\n (bnc#1012382).\n\n - usb: cdc-acm: send ZLP for Telit 3G Intel based modems\n (bnc#1012382).\n\n - usb: check usb_get_extra_descriptor for proper size\n (bnc#1012382).\n\n - usb: core: Fix hub port connection events lost\n (bnc#1012382).\n\n - usb: core: quirks: add RESET_RESUME quirk for Cherry\n G230 Stream series (bnc#1012382).\n\n - usb: gadget: dummy: fix nonsensical comparisons\n (bnc#1012382).\n\n - usbnet: ipheth: fix potential recvmsg bug and recvmsg\n bug 2 (bnc#1012382).\n\n - usb: omap_udc: fix crashes on probe error and module\n removal (bnc#1012382).\n\n - usb: omap_udc: fix omap_udc_start() on 15xx machines\n (bnc#1012382).\n\n - usb: omap_udc: fix USB gadget functionality on Palm\n Tungsten E (bnc#1012382).\n\n - usb: omap_udc: use devm_request_irq() (bnc#1012382).\n\n - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair\n device (bnc#1012382).\n\n - usb: r8a66597: Fix a possible concurrency use-after-free\n bug in r8a66597_endpoint_disable() (bnc#1012382).\n\n - usb: serial: option: add Fibocom NL668 series\n (bnc#1012382).\n\n - usb: serial: option: add Fibocom NL678 series\n (bnc#1012382).\n\n - usb: serial: option: add GosunCn ZTE WeLink ME3630\n (bnc#1012382).\n\n - usb: serial: option: add HP lt4132 (bnc#1012382).\n\n - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM\n mode) (bnc#1012382).\n\n - usb: serial: option: add Telit LN940 series\n (bnc#1012382).\n\n - usb: serial: pl2303: add ids for Hewlett-Packard HP POS\n pole displays (bnc#1012382).\n\n - usb: storage: add quirk for SMI SM3350 (bnc#1012382).\n\n - usb: storage: do not insert sane sense for SPC3+ when\n bad sense specified (bnc#1012382).\n\n - usb: usb-storage: Add new IDs to ums-realtek\n (bnc#1012382).\n\n - usb: xhci: fix timeout for transition from RExit to U0\n (bnc#1012382).\n\n - usb: xhci: fix uninitialized completion when USB3 port\n got wrong status (bnc#1012382).\n\n - usb: xhci: Prevent bus suspend if a port connect change\n or polling state is detected (bnc#1012382).\n\n - v9fs_dir_readdir: fix double-free on p9stat_read error\n (bnc#1012382).\n\n - vfs: Avoid softlockups in drop_pagecache_sb()\n (bsc#1118505).\n\n - vhost: make sure used idx is seen before log in\n vhost_add_used_n() (bnc#1012382).\n\n - virtio/s390: avoid race on vcdev->config (bnc#1012382).\n\n - virtio/s390: fix race in ccw_io_helper() (bnc#1012382).\n\n - VSOCK: Send reset control packet when socket is\n partially bound (bnc#1012382).\n\n - writeback: do not decrement wb->refcnt if !wb->bdi (git\n fixes (writeback)).\n\n - x86/earlyprintk/efi: Fix infinite loop on some screen\n widths (bnc#1012382).\n\n - x86/entry: spell EBX register correctly in documentation\n (bnc#1012382).\n\n - x86/MCE: Export memory_error() (bsc#1114648).\n\n - x86/MCE: Make correctable error detection look at the\n Deferred bit (bsc#1114648).\n\n - x86/mtrr: Do not copy uninitialized gentry fields back\n to userspace (bnc#1012382).\n\n - x86/speculation/l1tf: Drop the swap storage limit\n restriction when l1tf=off (bnc#1114871).\n\n - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP\n (bnc#1012382).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/netback: dont overflow meta array (bnc#1099523).\n\n - xen/netfront: tolerate frags with no data (bnc#1012382).\n\n - xen/x86: add diagnostic printout to xen_mc_flush() in\n case of error (bnc#1116183).\n\n - xen: xlate_mmu: add missing header to fix 'W=1' warning\n (bnc#1012382).\n\n - xfrm: Fix bucket count reported to userspace\n (bnc#1012382).\n\n - xfs: Align compat attrlist_by_handle with native\n implementation (git-fixes).\n\n - xfs: fix quotacheck dquot id overflow infinite loop\n (bsc#1121621).\n\n - xhci: Add quirk to workaround the errata seen on Cavium\n Thunder-X2 Soc (bsc#1117162).\n\n - xhci: Do not prevent USB2 bus suspend in state check\n intended for USB3 only (bnc#1012382).\n\n - xhci: Prevent U1/U2 link pm states if exit latency is\n too long (bnc#1012382).\n\n - xprtrdma: Reset credit grant properly after a disconnect\n (git-fixes).\n\n - xtensa: enable coprocessors that are being flushed\n (bnc#1012382).\n\n - xtensa: fix coprocessor context offset definitions\n (bnc#1012382).\n\n - Yama: Check for pid death before checking ancestry\n (bnc#1012382).\n\n - x86/pkeys: Properly copy pkey state at fork()\n (bsc#1106105).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123357\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.172-86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.172-86.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:09", "description": "An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.\n(CVE-2019-3900)\n\nA flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. (CVE-2019-11599)", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599", "CVE-2019-3900"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1232.NASL", "href": "https://www.tenable.com/plugins/nessus/126956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1232.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126956);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2019-11599\", \"CVE-2019-3900\");\n script_xref(name:\"ALAS\", value:\"2019-1232\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1232)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An infinite loop issue was found in the vhost_net kernel module while\nhandling incoming packets in handle_rx(). The infinite loop could\noccur if one end sends packets faster than the other end can process\nthem. A guest user, maybe a remote one, could use this flaw to stall\nthe vhost_net kernel thread, resulting in a DoS scenario.\n(CVE-2019-3900)\n\nA flaw was found in the Linux kernel where the coredump implementation\ndoes not use locking or other mechanisms to prevent vma layout or vma\nflags changes while it runs. This allows local users to obtain\nsensitive information, cause a denial of service (DoS), or possibly\nhave unspecified other impact by triggering a race condition with\nmmget_not_zero or get_task_mm calls. (CVE-2019-11599)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1232.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.133-113.105.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:40", "description": "An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900)\n\nA flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.(CVE-2019-11599)", "cvss3": {}, "published": "2019-07-26T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2019-1232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599", "CVE-2019-3900"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1232.NASL", "href": "https://www.tenable.com/plugins/nessus/127060", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1232.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127060);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2019-11599\", \"CVE-2019-3900\");\n script_xref(name:\"ALAS\", value:\"2019-1232\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1232)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An infinite loop issue was found in the vhost_net kernel module while\nhandling incoming packets in handle_rx(). The infinite loop could\noccur if one end sends packets faster than the other end can process\nthem. A guest user, maybe a remote one, could use this flaw to stall\nthe vhost_net kernel thread, resulting in a DoS\nscenario.(CVE-2019-3900)\n\nA flaw was found in the Linux kernel where the coredump implementation\ndoes not use locking or other mechanisms to prevent vma layout or vma\nflags changes while it runs. This allows local users to obtain\nsensitive information, cause a denial of service (DoS), or possibly\nhave unspecified other impact by triggering a race condition with\nmmget_not_zero or get_task_mm calls.(CVE-2019-11599)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1232.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.133-88.105.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:31", "description": "The v4.19.15 stable update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-17T00:00:00", "type": "nessus", "title": "Fedora 28 : kernel / kernel-headers (2019-509c133845)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3459", "CVE-2019-3460"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-509C133845.NASL", "href": "https://www.tenable.com/plugins/nessus/121217", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-509c133845.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121217);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-3459\", \"CVE-2019-3460\");\n script_xref(name:\"FEDORA\", value:\"2019-509c133845\");\n\n script_name(english:\"Fedora 28 : kernel / kernel-headers (2019-509c133845)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The v4.19.15 stable update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-509c133845\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-3459\", \"CVE-2019-3460\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-509c133845\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"kernel-4.19.15-200.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-headers-4.19.15-200.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:00", "description": "The v4.19.15 stable update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-17T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers (2019-f812c9fb22)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3459", "CVE-2019-3460"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-F812C9FB22.NASL", "href": "https://www.tenable.com/plugins/nessus/121218", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-f812c9fb22.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121218);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-3459\", \"CVE-2019-3460\");\n script_xref(name:\"FEDORA\", value:\"2019-f812c9fb22\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers (2019-f812c9fb22)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The v4.19.15 stable update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f812c9fb22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-3459\", \"CVE-2019-3460\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-f812c9fb22\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-4.19.15-300.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-4.19.15-300.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:01", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-11085", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/129900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0180. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129900);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\"\n );\n script_bugtraq_id(105761, 106503, 108113);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0180\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:03", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-11085", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/129920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0183. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129920);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\"\n );\n script_bugtraq_id(105761, 106503, 108113);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0183\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:44", "description": "A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects. (CVE-2019-10142)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character.\n(CVE-2019-11884)\n\nIf the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. (CVE-2019-9500)\n\nA new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).\n(CVE-2019-3882)", "cvss3": {}, "published": "2019-05-31T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2019-1214)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10142", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-9500"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1214.NASL", "href": "https://www.tenable.com/plugins/nessus/125605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1214.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125605);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-10142\", \"CVE-2019-11884\", \"CVE-2019-3882\", \"CVE-2019-5489\", \"CVE-2019-9500\");\n script_xref(name:\"ALAS\", value:\"2019-1214\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's freescale hypervisor manager\nimplementation. A parameter passed via to an ioctl was incorrectly\nvalidated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory\nor, possibly, create other adverse security affects. (CVE-2019-10142)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the\nLinux kernel before 5.0.15 allows a local user to obtain potentially\nsensitive information from kernel stack memory via a HIDPCONNADD\ncommand, because a name field may not end with a '\\0' character.\n(CVE-2019-11884)\n\nIf the Wake-up on Wireless LAN functionality is configured in the\nbrcmfmac driver, which only works with Broadcom FullMAC chipsets, a\nmalicious event frame can be constructed to trigger a heap buffer\noverflow in the brcmf_wowl_nd_results() function. This vulnerability\ncan be exploited by compromised chipsets to compromise the host, or\nwhen used in combination with another brcmfmac driver flaw\n(CVE-2019-9503), can be used remotely. This can result in a remote\ndenial of service (DoS). Due to the nature of the flaw, a remote\nprivilege escalation cannot be fully ruled out. (CVE-2019-9500)\n\nA new software page cache side channel attack scenario was discovered\nin operating systems that implement the very common 'page cache'\ncaching mechanism. A malicious user/process could use 'in memory'\npage-cache knowledge to infer access timings to shared memory and gain\nknowledge which can be used to reduce effectiveness of cryptographic\nstrength by monitoring algorithmic behavior, infer access patterns of\nmemory to determine code paths taken, and exfiltrate data to a blinded\nattacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nA flaw was found in the Linux kernel's vfio interface implementation\nthat permits violation of the user's locked memory limit. If a device\nis bound to a vfio driver, such as vfio-pci, and the local attacker is\nadministratively granted ownership of the device, it may cause a\nsystem memory exhaustion and thus a denial of service (DoS).\n(CVE-2019-3882)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1214.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.121-85.96.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-26T14:18:07", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0740 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2020:0740)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460"], "modified": "2023-05-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"], "id": "REDHAT-RHSA-2020-0740.NASL", "href": "https://www.tenable.com/plugins/nessus/134361", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0740. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134361);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-11884\",\n \"CVE-2019-15030\",\n \"CVE-2019-15916\",\n \"CVE-2019-17666\",\n \"CVE-2019-18805\"\n );\n script_bugtraq_id(\n 106565,\n 107910,\n 108299,\n 108547\n );\n script_xref(name:\"RHSA\", value:\"2020:0740\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2020:0740)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0740 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable\n exception (CVE-2019-15030)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1655162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1663176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1663179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1750813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771496\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 190, 200, 400, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-16871', 'CVE-2019-3459', 'CVE-2019-3460', 'CVE-2019-11884', 'CVE-2019-15030', 'CVE-2019-15916', 'CVE-2019-17666', 'CVE-2019-18805');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0740');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.14.0-115.18.1.el7a', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:16:42", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive various bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-5391: Fixed a vulnerability, which allowed an attacker to cause a denial of service attack with low rates of packets targeting IP fragment re-assembly.\n (bsc#1103097)\n\n - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).\n\n - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).\n\nThe following non-security bugs were fixed :\n\n - ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).\n\n - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382).\n\n - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382).\n\n - Documentation/network: reword kernel version reference (bnc#1012382).\n\n - IB/core: type promotion bug in rdma_rw_init_one_mr() ().\n\n - IB/rxe: Fix incorrect cache cleanup in error flow ().\n\n - IB/rxe: replace kvfree with vfree ().\n\n - NFC: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382).\n\n - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ).\n\n - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446).\n\n - Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bnc#1012382).\n\n - Revert 'cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)' (bnc#1012382).\n\n - Revert 'exec: load_script: do not blindly truncate shebang string' (bnc#1012382).\n\n - Revert 'loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()' (bnc#1012382).\n\n - Revert 'loop: Fold __loop_release into loop_release' (bnc#1012382).\n\n - Revert 'loop: Get rid of loop_index_mutex' (bnc#1012382).\n\n - Revert 'mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).'\n\n - Revert most of 4.4.174 (kabi).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1125000).\n\n - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775).\n\n - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).\n\n - alpha: fix page fault handling for r16-r18 targets (bnc#1012382).\n\n - alsa: compress: Fix stop handling on compressed capture streams (bnc#1012382).\n\n - alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382).\n\n - alsa: hda - Serialize codec registrations (bnc#1012382).\n\n - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382).\n\n - arc: perf: map generic branches to correct hardware condition (bnc#1012382).\n\n - arm64: KVM: Skip MMIO insn after emulation (bnc#1012382).\n\n - arm64: ftrace: do not adjust the LR value (bnc#1012382).\n\n - arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382).\n\n - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382).\n\n - arm: OMAP2+: hwmod: Fix some section annotations (bnc#1012382).\n\n - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382).\n\n - arm: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382).\n\n - arm: dts: da850-evm: Correct the sound card name (bnc#1012382).\n\n - arm: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382).\n\n - arm: dts: mmp2: fix TWSI2 (bnc#1012382).\n\n - arm: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).\n\n - arm: pxa: avoid section mismatch warning (bnc#1012382).\n\n - batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382).\n\n - batman-adv: Force mac header to start of data on xmit (bnc#1012382).\n\n - bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382).\n\n - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).\n\n - can: bcm: check timer values before ktime conversion (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382).\n\n - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809).\n\n - char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382).\n\n - cifs: Always resolve hostname before reconnecting (bnc#1012382).\n\n - cifs: Do not count -ENODATA as failure for query directory (bnc#1012382).\n\n - cifs: Fix possible hang during async MTU reads and writes (bnc#1012382).\n\n - cifs: Limit memory used by lock request calls to a page (bnc#1012382).\n\n - cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382).\n\n - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382).\n\n - cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017).\n\n - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).\n\n - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382).\n\n - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382).\n\n - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382).\n\n - dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382).\n\n - debugfs: fix debugfs_rename parameter checking (bnc#1012382).\n\n - dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382).\n\n - dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382).\n\n - dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382).\n\n - drbd: Avoid Clang warning about pointless switch statment (bnc#1012382).\n\n - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382).\n\n - drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382).\n\n - drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382).\n\n - drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382).\n\n - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).\n\n - drm/i915: Block fbdev HPD processing during suspend (bsc#1106929)\n\n - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929)\n\n - drm/modes: Prevent division by zero htotal (bnc#1012382).\n\n - drm/vmwgfx: Fix setting of dma masks (bsc#1106929)\n\n - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929)\n\n - enic: fix checksum validation for IPv6 (bnc#1012382).\n\n - exec: load_script: do not blindly truncate shebang string (bnc#1012382).\n\n - f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382).\n\n - f2fs: move dir data flush to write checkpoint process (bnc#1012382).\n\n - f2fs: read page index before freeing (bnc#1012382).\n\n - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382).\n\n - fs/epoll: drop ovflist branch prediction (bnc#1012382).\n\n - fs: add the fsnotify call to vfs_iter_write (bnc#1012382).\n\n - fs: do not scan the inode cache before SB_BORN is set (bnc#1012382).\n\n - fs: fix lost error code in dio_complete (bsc#1117744).\n\n - fuse: call pipe_buf_release() under pipe lock (bnc#1012382).\n\n - fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382).\n\n - fuse: handle zero sized retrieve correctly (bnc#1012382).\n\n - futex: Fix (possible) missed wakeup (bsc#1050549).\n\n - gdrom: fix a memory leak bug (bnc#1012382).\n\n - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bnc#1012382).\n\n - gpio: pl061: handle failed allocations (bnc#1012382).\n\n - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929)\n\n - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929)\n\n - hid: debug: fix the ring buffer implementation (bnc#1012382).\n\n - hid: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382).\n\n - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes).\n\n - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382).\n\n - hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382).\n\n - i2c-axxia: check for error conditions first (bnc#1012382).\n\n - igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382).\n\n - inet: frags: add a pointer to struct netns_frags (bnc#1012382).\n\n - inet: frags: better deal with smp races (bnc#1012382).\n\n - inet: frags: break the 2GB limit for frags storage (bnc#1012382).\n\n - inet: frags: change inet_frags_init_net() return value (bnc#1012382).\n\n - inet: frags: do not clone skb in ip_expire() (bnc#1012382).\n\n - inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382).\n\n - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382).\n\n - inet: frags: get rif of inet_frag_evicting() (bnc#1012382).\n\n - inet: frags: refactor ipfrag_init() (bnc#1012382).\n\n - inet: frags: refactor ipv6_frag_init() (bnc#1012382).\n\n - inet: frags: refactor lowpan_net_frag_init() (bnc#1012382).\n\n - inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382).\n\n - inet: frags: remove some helpers (bnc#1012382).\n\n - inet: frags: reorganize struct netns_frags (bnc#1012382).\n\n - inet: frags: use rhashtables for reassembly units (bnc#1012382).\n\n - input: bma150 - register input device after setting private data (bnc#1012382).\n\n - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382).\n\n - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382).\n\n - input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382).\n\n - intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017).\n\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382).\n\n - ip: add helpers to process in-order fragments faster (bnc#1012382).\n\n - ip: frags: fix crash in ip_do_fragment() (bnc#1012382).\n\n - ip: process in-order fragments efficiently (bnc#1012382).\n\n - ip: use rb trees for IP frag queue (bnc#1012382).\n\n - ipfrag: really prevent allocation on netns exit (bnc#1012382).\n\n - ipv4: frags: precedence bug in ip_expire() (bnc#1012382).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382).\n\n - ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382).\n\n - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382).\n\n - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382).\n\n - kABI: protect linux/kfifo.h include in hid-debug (kabi).\n\n - kABI: protect struct hda_bus (kabi).\n\n - kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382).\n\n - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382).\n\n - kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382).\n\n - kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166).\n\n - kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166).\n\n - kvm: x86: Fix single-step debugging (bnc#1012382).\n\n - kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382).\n\n - l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382).\n\n - l2tp: fix reading optional fields of L2TPv3 (bnc#1012382).\n\n - l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382).\n\n - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810).\n\n - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811).\n\n - libnvdimm: Use max contiguous area for namespace size (bsc#1124780).\n\n - libnvdimm: fix ars_status output length calculation (bsc#1124777).\n\n - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).\n\n - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382).\n\n - mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382).\n\n - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382).\n\n - memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382).\n\n - mips: OCTEON: do not set octeon_dma_bar_type if PCI is disabled (bnc#1012382).\n\n - mips: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds (bnc#1012382).\n\n - mips: bpf: fix encoding bug for mm_srlv32_op (bnc#1012382).\n\n - mips: cm: reprime error cause (bnc#1012382).\n\n - misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382).\n\n - mm, oom: fix use-after-free in oom_kill_process (bnc#1012382).\n\n - mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061).\n\n - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382).\n\n - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).\n\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382).\n\n - modpost: validate symbol names also in find_elf_symbol (bnc#1012382).\n\n - mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382).\n\n - net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382).\n\n - net/rose: fix NULL ax25_cb kernel panic (bnc#1012382).\n\n - net: Fix usage of pskb_trim_rcsum (bnc#1012382).\n\n - net: bridge: Fix ethernet header pointer before check skb forwardable (bnc#1012382).\n\n - net: dp83640: expire old TX-skb (bnc#1012382).\n\n - net: dsa: slave: Do not propagate flag changes on down slave interfaces (bnc#1012382).\n\n - net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382).\n\n - net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382).\n\n - net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382).\n\n - net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382 bsc#1116345).\n\n - net: modify skb_rbtree_purge to return the truesize of all purged skbs (bnc#1012382).\n\n - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382).\n\n - net: systemport: Fix WoL with password after deep sleep (bnc#1012382).\n\n - net_sched: refetch skb protocol for each filter (bnc#1012382).\n\n - netrom: switch to sock timer API (bnc#1012382).\n\n - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014).\n\n - nfs: nfs_compare_mount_options always compare auth flavors (bnc#1012382).\n\n - nfsd4: fix crash on writing v4_end_grace before nfsd startup (bnc#1012382).\n\n - niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382).\n\n - ocfs2: do not clear bh uptodate for block read (bnc#1012382).\n\n - openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382).\n\n - perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382).\n\n - perf tools: Add Hygon Dhyana support (bnc#1012382).\n\n - perf unwind: Take pgoff into account when reporting elf to libdwfl (bnc#1012382).\n\n - perf unwind: Unwind with libdw does not take symfs into account (bnc#1012382).\n\n - perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382).\n\n - perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382).\n\n - perf/x86/intel/uncore: Add Node ID mask (bnc#1012382).\n\n - pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382).\n\n - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810).\n\n - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382).\n\n - powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382).\n\n - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382).\n\n - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125808).\n\n - rcu: Force boolean subscript for expedited stall warnings (bnc#1012382).\n\n - rhashtable: Add rhashtable_lookup() (bnc#1012382).\n\n - rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382 bsc#1042286).\n\n - rhashtable: add schedule points (bnc#1012382).\n\n - rhashtable: reorganize struct rhashtable layout (bnc#1012382).\n\n - s390/early: improve machine detection (bnc#1012382).\n\n - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382).\n\n - s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382).\n\n - sata_rcar: fix deferred probing (bnc#1012382).\n\n - sched/wake_q: Document wake_q_add() (bsc#1050549).\n\n - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549).\n\n - sched/wake_q: Reduce reference counting for special users (bsc#1050549).\n\n - scripts/decode_stacktrace: only strip base path when a prefix of the path (bnc#1012382).\n\n - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes\n\n - scsi: lpfc: Correct LCB RJT handling (bnc#1012382).\n\n - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796).\n\n - scsi: mpt3sas: API 's to support NVMe drive addition to SML (bsc#1117108).\n\n - scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108).\n\n - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108).\n\n - scsi: mpt3sas: Add an I/O barrier (bsc#1117108).\n\n - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108).\n\n - scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and probe (bsc#1117108).\n\n - scsi: mpt3sas:\n Add-Task-management-debug-info-for-NVMe-drives (bsc#1117108).\n\n - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1117108).\n\n - scsi: mpt3sas: Added support for nvme encapsulated request message (bsc#1117108).\n\n - scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108).\n\n - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1117108).\n\n - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108).\n\n - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108).\n\n - scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108).\n\n - scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (bsc#1117108).\n\n - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108).\n\n - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108).\n\n - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108).\n\n - scsi: mpt3sas: Display chassis slot information of the drive (bsc#1117108).\n\n - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1117108).\n\n - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1117108).\n\n - scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura controllers (bsc#1117108).\n\n - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108).\n\n - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Fix calltrace observed while running IO & reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix indentation (bsc#1117108).\n\n - scsi: mpt3sas: Fix memory allocation failure test in 'mpt3sas_base_attach()' (bsc#1117108).\n\n - scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108).\n\n - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix removal and addition of vSES device during host reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix sparse warnings (bsc#1117108).\n\n - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1117108).\n\n - scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108).\n\n - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1117108).\n\n - scsi: mpt3sas: Handle NVMe PCIe device related events generated from firmware (bsc#1117108).\n\n - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).\n\n - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1117108).\n\n - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1117108).\n\n - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1117108).\n\n - scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108).\n\n - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108).\n\n - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108).\n\n - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108).\n\n - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108).\n\n - scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108).\n\n - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log info (bsc#1117108).\n\n - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108).\n\n - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108).\n\n - scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108).\n\n - scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108).\n\n - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108).\n\n - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108).\n\n - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n\n - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1117108).\n\n - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices (bsc#1117108).\n\n - scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108).\n\n - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108).\n\n - scsi: mpt3sas: Update MPI Headers (bsc#1117108).\n\n - scsi: mpt3sas: Update driver version '25.100.00.00' (bsc#1117108).\n\n - scsi: mpt3sas: Update driver version '26.100.00.00' (bsc#1117108).\n\n - scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108).\n\n - scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108).\n\n - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).\n\n - scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#1117108).\n\n - scsi: mpt3sas: check command status before attempting abort (bsc#1117108).\n\n - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108).\n\n - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108).\n\n - scsi: mpt3sas: fix an out of bound write (bsc#1117108).\n\n - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108).\n\n - scsi: mpt3sas: fix format overflow warning (bsc#1117108).\n\n - scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#1117108).\n\n - scsi: mpt3sas: fix possible memory leak (bsc#1117108).\n\n - scsi: mpt3sas: fix pr_info message continuation (bsc#1117108).\n\n - scsi: mpt3sas: fix spelling mistake: 'disbale' -> 'disable' (bsc#1117108).\n\n - scsi: mpt3sas: lockless command submission (bsc#1117108).\n\n - scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108).\n\n - scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108).\n\n - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108).\n\n - scsi: mpt3sas: remove redundant copy_from_user in\n _ctl_getiocinfo (bsc#1117108).\n\n - scsi: mpt3sas: remove redundant wmb (bsc#1117108).\n\n - scsi: mpt3sas: scan and add nvme device after controller reset (bsc#1117108).\n\n - scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108).\n\n - scsi: mpt3sas: set default value for cb_idx (bsc#1117108).\n\n - scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108).\n\n - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108).\n\n - scsi: mpt3sas: simplify task management functions (bsc#1117108).\n\n - scsi: mpt3sas: switch to generic DMA API (bsc#1117108).\n\n - scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108).\n\n - scsi: mpt3sas: use list_splice_init() (bsc#1117108).\n\n - scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#1117108).\n\n - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794).\n\n - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).\n\n - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355).\n\n - seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382).\n\n - serial: fsl_lpuart: clear parity enable bit when disable parity (bnc#1012382).\n\n - signal: Always notice exiting tasks (bnc#1012382).\n\n - signal: Better detection of synchronous signals (bnc#1012382).\n\n - signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382).\n\n - skge: potential memory corruption in skge_get_regs() (bnc#1012382).\n\n - smack: fix access permissions for keyring (bnc#1012382).\n\n - smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382).\n\n - soc/tegra: Do not leak device tree node reference (bnc#1012382).\n\n - staging: iio: ad7780: update voltage on read (bnc#1012382).\n\n - staging: iio: adc: ad7280a: handle error from\n __ad7280_read32() (bnc#1012382).\n\n - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bnc#1012382).\n\n - staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382).\n\n - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (bnc#1012382).\n\n - test_hexdump: use memcpy instead of strncpy (bnc#1012382).\n\n - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bnc#1012382).\n\n - timekeeping: Use proper seqcount initializer (bnc#1012382).\n\n - tipc: use destination length for copy string (bnc#1012382).\n\n - tracing/uprobes: Fix output for multiple string arguments (bnc#1012382).\n\n - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).\n\n - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).\n\n - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).\n\n - tty/n_hdlc: fix __might_sleep warning (bnc#1012382).\n\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bnc#1105428).\n\n - tty: Handle problem if line discipline does not have receive_buf (bnc#1012382).\n\n - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).\n\n - tty: Simplify tty->count math in tty_reopen() (bnc#1105428).\n\n - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).\n\n - tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382).\n\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382).\n\n - uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382).\n\n - ucc_geth: Reset BQL queue when stopping device (bnc#1012382).\n\n - udf: Fix BUG on corrupted inode (bnc#1012382).\n\n - um: Avoid marking pages with 'changed protection' (bnc#1012382).\n\n - usb: dwc2: Remove unnecessary kfree (bnc#1012382).\n\n - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bnc#1012382).\n\n - usb: hub: delay hub autosuspend if USB3 port is still link training (bnc#1012382).\n\n - usb: phy: am335x: fix race condition in _probe (bnc#1012382).\n\n - usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382).\n\n - usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382).\n\n - video: clps711x-fb: release disp device node in probe() (bnc#1012382).\n\n - vt: invoke notifier on screen size change (bnc#1012382).\n\n - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bnc#1012382).\n\n - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) (bnc#1012382).\n\n - x86/a.out: Clear the dump structure initially (bnc#1012382).\n\n - x86/fpu: Add might_fault() to user_insn() (bnc#1012382).\n\n - x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382).\n\n - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bnc#1012382).\n\n - x86/xen: dont add memory above max allowed allocation (bsc#1117645).\n\n - x86: respect memory size limiting via mem= parameter (bsc#1117645).\n\n - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382).\n\n - xfrm: refine validation of template and selector families (bnc#1012382).", "cvss3": {}, "published": "2019-03-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-274)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5391", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-274.NASL", "href": "https://www.tenable.com/plugins/nessus/122578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-274.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122578);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-5391\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-274)\");\n script_summary(english:\"Check for the openSUSE-2019-274 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive\nvarious bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-5391: Fixed a vulnerability, which allowed an\n attacker to cause a denial of service attack with low\n rates of packets targeting IP fragment re-assembly.\n (bsc#1103097)\n\n - CVE-2019-7221: Fixed a user-after-free vulnerability in\n the KVM hypervisor related to the emulation of a\n preemption timer, allowing an guest user/process to\n crash the host kernel. (bsc#1124732).\n\n - CVE-2019-7222: Fixed an information leakage in the KVM\n hypervisor related to handling page fault exceptions,\n which allowed a guest user/process to use this flaw to\n leak the host's stack memory contents to a guest\n (bsc#1124735).\n\nThe following non-security bugs were fixed :\n\n - ASoC: Intel: mrfld: fix uninitialized variable access\n (bnc#1012382).\n\n - ASoC: atom: fix a missing check of\n snd_pcm_lib_malloc_pages (bnc#1012382).\n\n - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on\n i.MX8M (bnc#1012382).\n\n - Documentation/network: reword kernel version reference\n (bnc#1012382).\n\n - IB/core: type promotion bug in rdma_rw_init_one_mr() ().\n\n - IB/rxe: Fix incorrect cache cleanup in error flow ().\n\n - IB/rxe: replace kvfree with vfree ().\n\n - NFC: nxp-nci: Include unaligned.h instead of access_ok.h\n (bnc#1012382).\n\n - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413,\n ).\n\n - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq\n (bsc#1125446).\n\n - Revert 'Input: elan_i2c - add ACPI ID for touchpad in\n ASUS Aspire F5-573G' (bnc#1012382).\n\n - Revert 'cifs: In Kconfig CONFIG_CIFS_POSIX needs depends\n on legacy (insecure cifs)' (bnc#1012382).\n\n - Revert 'exec: load_script: do not blindly truncate\n shebang string' (bnc#1012382).\n\n - Revert 'loop: Fix double mutex_unlock(&loop_ctl_mutex)\n in loop_control_ioctl()' (bnc#1012382).\n\n - Revert 'loop: Fold __loop_release into loop_release'\n (bnc#1012382).\n\n - Revert 'loop: Get rid of loop_index_mutex'\n (bnc#1012382).\n\n - Revert 'mmc: bcm2835: Fix DMA channel leak on probe\n error (bsc#1120902).'\n\n - Revert most of 4.4.174 (kabi).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1125000).\n\n - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return\n a value (bsc#1124775).\n\n - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).\n\n - alpha: fix page fault handling for r16-r18 targets\n (bnc#1012382).\n\n - alsa: compress: Fix stop handling on compressed capture\n streams (bnc#1012382).\n\n - alsa: hda - Add quirk for HP EliteBook 840 G5\n (bnc#1012382).\n\n - alsa: hda - Serialize codec registrations (bnc#1012382).\n\n - alsa: usb-audio: Fix implicit fb endpoint setup by quirk\n (bnc#1012382).\n\n - arc: perf: map generic branches to correct hardware\n condition (bnc#1012382).\n\n - arm64: KVM: Skip MMIO insn after emulation\n (bnc#1012382).\n\n - arm64: ftrace: do not adjust the LR value (bnc#1012382).\n\n - arm64: hyp-stub: Forbid kprobing of the hyp-stub\n (bnc#1012382).\n\n - arm: 8808/1: kexec:offline panic_smp_self_stop CPU\n (bnc#1012382).\n\n - arm: OMAP2+: hwmod: Fix some section annotations\n (bnc#1012382).\n\n - arm: cns3xxx: Fix writing to wrong PCI config registers\n after alignment (bnc#1012382).\n\n - arm: dts: Fix OMAP4430 SDP Ethernet startup\n (bnc#1012382).\n\n - arm: dts: da850-evm: Correct the sound card name\n (bnc#1012382).\n\n - arm: dts: kirkwood: Fix polarity of GPIO fan lines\n (bnc#1012382).\n\n - arm: dts: mmp2: fix TWSI2 (bnc#1012382).\n\n - arm: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).\n\n - arm: pxa: avoid section mismatch warning (bnc#1012382).\n\n - batman-adv: Avoid WARN on net_device without parent in\n netns (bnc#1012382).\n\n - batman-adv: Force mac header to start of data on xmit\n (bnc#1012382).\n\n - bluetooth: Fix unnecessary error message for HCI request\n completion (bnc#1012382).\n\n - bnxt_re: Fix couple of memory leaks that could lead to\n IOMMU call traces (bsc#1020413).\n\n - can: bcm: check timer values before ktime conversion\n (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): fix bogous check for\n non-existing skb by removing it (bnc#1012382).\n\n - ceph: clear inode pointer when snap realm gets dropped\n by its inode (bsc#1125809).\n\n - char/mwave: fix potential Spectre v1 vulnerability\n (bnc#1012382).\n\n - cifs: Always resolve hostname before reconnecting\n (bnc#1012382).\n\n - cifs: Do not count -ENODATA as failure for query\n directory (bnc#1012382).\n\n - cifs: Fix possible hang during async MTU reads and\n writes (bnc#1012382).\n\n - cifs: Limit memory used by lock request calls to a page\n (bnc#1012382).\n\n - cifs: check ntwrk_buf_start for NULL before\n dereferencing it (bnc#1012382).\n\n - clk: imx6sl: ensure MMDC CH0 handshake is bypassed\n (bnc#1012382).\n\n - cpufreq: intel_pstate: Fix HWP on boot CPU after system\n resume (bsc#1120017).\n\n - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).\n\n - crypto: ux500 - Use proper enum in cryp_set_dma_transfer\n (bnc#1012382).\n\n - crypto: ux500 - Use proper enum in hash_set_dma_transfer\n (bnc#1012382).\n\n - cw1200: Fix concurrency use-after-free bugs in\n cw1200_hw_scan() (bnc#1012382).\n\n - dccp: fool proof ccid_hc_[rt]x_parse_options()\n (bnc#1012382).\n\n - debugfs: fix debugfs_rename parameter checking\n (bnc#1012382).\n\n - dlm: Do not swamp the CPU with callbacks queued during\n recovery (bnc#1012382).\n\n - dm thin: fix bug where bio that overwrites thin block\n ignores FUA (bnc#1012382).\n\n - dmaengine: imx-dma: fix wrong callback invoke\n (bnc#1012382).\n\n - drbd: Avoid Clang warning about pointless switch\n statment (bnc#1012382).\n\n - drbd: disconnect, if the wrong UUIDs are attached on a\n connected peer (bnc#1012382).\n\n - drbd: narrow rcu_read_lock in drbd_sync_handshake\n (bnc#1012382).\n\n - drbd: skip spurious timeout (ping-timeo) when failing\n promote (bnc#1012382).\n\n - drivers: core: Remove glue dirs from sysfs earlier\n (bnc#1012382).\n\n - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).\n\n - drm/i915: Block fbdev HPD processing during suspend\n (bsc#1106929)\n\n - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with\n WC set (bsc#1106929)\n\n - drm/modes: Prevent division by zero htotal\n (bnc#1012382).\n\n - drm/vmwgfx: Fix setting of dma masks (bsc#1106929)\n\n - drm/vmwgfx: Return error code from\n vmw_execbuf_copy_fence_user (bsc#1106929)\n\n - enic: fix checksum validation for IPv6 (bnc#1012382).\n\n - exec: load_script: do not blindly truncate shebang\n string (bnc#1012382).\n\n - f2fs: fix wrong return value of f2fs_acl_create\n (bnc#1012382).\n\n - f2fs: move dir data flush to write checkpoint process\n (bnc#1012382).\n\n - f2fs: read page index before freeing (bnc#1012382).\n\n - fs/dcache: Fix incorrect nr_dentry_unused accounting in\n shrink_dcache_sb() (bnc#1012382).\n\n - fs/epoll: drop ovflist branch prediction (bnc#1012382).\n\n - fs: add the fsnotify call to vfs_iter_write\n (bnc#1012382).\n\n - fs: do not scan the inode cache before SB_BORN is set\n (bnc#1012382).\n\n - fs: fix lost error code in dio_complete (bsc#1117744).\n\n - fuse: call pipe_buf_release() under pipe lock\n (bnc#1012382).\n\n - fuse: decrement NR_WRITEBACK_TEMP on the right page\n (bnc#1012382).\n\n - fuse: handle zero sized retrieve correctly\n (bnc#1012382).\n\n - futex: Fix (possible) missed wakeup (bsc#1050549).\n\n - gdrom: fix a memory leak bug (bnc#1012382).\n\n - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bnc#1012382).\n\n - gpio: pl061: handle failed allocations (bnc#1012382).\n\n - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929)\n\n - gpu: ipu-v3: Fix i.MX51 CSI control registers offset\n (bsc#1106929)\n\n - hid: debug: fix the ring buffer implementation\n (bnc#1012382).\n\n - hid: lenovo: Add checks to fix of_led_classdev_register\n (bnc#1012382).\n\n - hwmon: (lm80) Fix missing unlock on error in\n set_fan_div() (git-fixes).\n\n - hwmon: (lm80) fix a missing check of bus read in lm80\n probe (bnc#1012382).\n\n - hwmon: (lm80) fix a missing check of the status of SMBus\n read (bnc#1012382).\n\n - i2c-axxia: check for error conditions first\n (bnc#1012382).\n\n - igb: Fix an issue that PME is not enabled during runtime\n suspend (bnc#1012382).\n\n - inet: frags: add a pointer to struct netns_frags\n (bnc#1012382).\n\n - inet: frags: better deal with smp races (bnc#1012382).\n\n - inet: frags: break the 2GB limit for frags storage\n (bnc#1012382).\n\n - inet: frags: change inet_frags_init_net() return value\n (bnc#1012382).\n\n - inet: frags: do not clone skb in ip_expire()\n (bnc#1012382).\n\n - inet: frags: fix ip6frag_low_thresh boundary\n (bnc#1012382).\n\n - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB\n (bnc#1012382).\n\n - inet: frags: get rif of inet_frag_evicting()\n (bnc#1012382).\n\n - inet: frags: refactor ipfrag_init() (bnc#1012382).\n\n - inet: frags: refactor ipv6_frag_init() (bnc#1012382).\n\n - inet: frags: refactor lowpan_net_frag_init()\n (bnc#1012382).\n\n - inet: frags: remove inet_frag_maybe_warn_overflow()\n (bnc#1012382).\n\n - inet: frags: remove some helpers (bnc#1012382).\n\n - inet: frags: reorganize struct netns_frags\n (bnc#1012382).\n\n - inet: frags: use rhashtables for reassembly units\n (bnc#1012382).\n\n - input: bma150 - register input device after setting\n private data (bnc#1012382).\n\n - input: elan_i2c - add ACPI ID for touchpad in Lenovo\n V330-15ISK (bnc#1012382).\n\n - input: elantech - enable 3rd button support on Fujitsu\n CELSIUS H780 (bnc#1012382).\n\n - input: xpad - add support for SteelSeries Stratus Duo\n (bnc#1012382).\n\n - intel_pstate: Update frequencies of policy->cpus only\n from ->set_policy() (bsc#1120017).\n\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons\n pointer (bnc#1012382).\n\n - ip: add helpers to process in-order fragments faster\n (bnc#1012382).\n\n - ip: frags: fix crash in ip_do_fragment() (bnc#1012382).\n\n - ip: process in-order fragments efficiently\n (bnc#1012382).\n\n - ip: use rb trees for IP frag queue (bnc#1012382).\n\n - ipfrag: really prevent allocation on netns exit\n (bnc#1012382).\n\n - ipv4: frags: precedence bug in ip_expire()\n (bnc#1012382).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to\n an address (bnc#1012382).\n\n - ipv6: frags: rewrite ip6_expire_frag_queue()\n (bnc#1012382).\n\n - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on\n their size (bnc#1012382).\n\n - isdn: hisax: hfc_pci: Fix a possible concurrency\n use-after-free bug in HFCPCI_l1hw() (bnc#1012382).\n\n - kABI: protect linux/kfifo.h include in hid-debug (kabi).\n\n - kABI: protect struct hda_bus (kabi).\n\n - kaweth: use skb_cow_head() to deal with cloned skbs\n (bnc#1012382).\n\n - kernel/exit.c: release ptraced tasks before\n zap_pid_ns_processes (bnc#1012382).\n\n - kernel/hung_task.c: break RCU locks based on jiffies\n (bnc#1012382).\n\n - kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode()\n (bsc#1124166).\n\n - kvm: VMX: Missing part of upstream commit 904e14fb7cb9\n (bsc#1124166).\n\n - kvm: x86: Fix single-step debugging (bnc#1012382).\n\n - kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as\n unsupported (bnc#1012382).\n\n - l2tp: copy 4 more bytes to linear part if necessary\n (bnc#1012382).\n\n - l2tp: fix reading optional fields of L2TPv3\n (bnc#1012382).\n\n - l2tp: remove l2specific_len dependency in l2tp_core\n (bnc#1012382).\n\n - libceph: avoid KEEPALIVE_PENDING races in\n ceph_con_keepalive() (bsc#1125810).\n\n - libnvdimm, pfn: Pad pfn namespaces relative to other\n regions (bsc#1124811).\n\n - libnvdimm: Use max contiguous area for namespace size\n (bsc#1124780).\n\n - libnvdimm: fix ars_status output length calculation\n (bsc#1124777).\n\n - locking/rwsem: Fix (possible) missed wakeup\n (bsc#1050549).\n\n - mac80211: ensure that mgmt tx skbs have tailroom for\n encryption (bnc#1012382).\n\n - mac80211: fix radiotap vendor presence bitmap handling\n (bnc#1012382).\n\n - media: DaVinci-VPBE: fix error handling in\n vpbe_initialize() (bnc#1012382).\n\n - memstick: Prevent memstick host from getting runtime\n suspended during card detection (bnc#1012382).\n\n - mips: OCTEON: do not set octeon_dma_bar_type if PCI is\n disabled (bnc#1012382).\n\n - mips: VDSO: Include $(ccflags-vdso) in o32,n32 .lds\n builds (bnc#1012382).\n\n - mips: bpf: fix encoding bug for mm_srlv32_op\n (bnc#1012382).\n\n - mips: cm: reprime error cause (bnc#1012382).\n\n - misc: vexpress: Off by one in vexpress_syscfg_exec()\n (bnc#1012382).\n\n - mm, oom: fix use-after-free in oom_kill_process\n (bnc#1012382).\n\n - mm, page_alloc: drop should_suppress_show_mem\n (bnc#1125892, bnc#1106061).\n\n - mm: migrate: do not rely on __PageMovable() of newpage\n after unlocking it (bnc#1012382).\n\n - mmc: bcm2835: Fix DMA channel leak on probe error\n (bsc#1120902).\n\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during\n probe (bnc#1012382).\n\n - modpost: validate symbol names also in find_elf_symbol\n (bnc#1012382).\n\n - mtd: rawnand: gpmi: fix MX28 bus master lockup problem\n (bnc#1012382).\n\n - net/mlx4_core: Add masking for a few queries on HCA caps\n (bnc#1012382).\n\n - net/rose: fix NULL ax25_cb kernel panic (bnc#1012382).\n\n - net: Fix usage of pskb_trim_rcsum (bnc#1012382).\n\n - net: bridge: Fix ethernet header pointer before check\n skb forwardable (bnc#1012382).\n\n - net: dp83640: expire old TX-skb (bnc#1012382).\n\n - net: dsa: slave: Do not propagate flag changes on down\n slave interfaces (bnc#1012382).\n\n - net: fix pskb_trim_rcsum_slow() with odd trim offset\n (bnc#1012382).\n\n - net: ieee802154: 6lowpan: fix frag reassembly\n (bnc#1012382).\n\n - net: ipv4: Fix memory leak in network namespace\n dismantle (bnc#1012382).\n\n - net: ipv4: do not handle duplicate fragments as\n overlapping (bnc#1012382 bsc#1116345).\n\n - net: modify skb_rbtree_purge to return the truesize of\n all purged skbs (bnc#1012382).\n\n - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends\n (bnc#1012382).\n\n - net: systemport: Fix WoL with password after deep sleep\n (bnc#1012382).\n\n - net_sched: refetch skb protocol for each filter\n (bnc#1012382).\n\n - netrom: switch to sock timer API (bnc#1012382).\n\n - nfit: fix unchecked dereference in acpi_nfit_ctl\n (bsc#1125014).\n\n - nfs: nfs_compare_mount_options always compare auth\n flavors (bnc#1012382).\n\n - nfsd4: fix crash on writing v4_end_grace before nfsd\n startup (bnc#1012382).\n\n - niu: fix missing checks of niu_pci_eeprom_read\n (bnc#1012382).\n\n - ocfs2: do not clear bh uptodate for block read\n (bnc#1012382).\n\n - openvswitch: Avoid OOB read when parsing flow nlattrs\n (bnc#1012382).\n\n - perf tests evsel-tp-sched: Fix bitwise operator\n (bnc#1012382).\n\n - perf tools: Add Hygon Dhyana support (bnc#1012382).\n\n - perf unwind: Take pgoff into account when reporting elf\n to libdwfl (bnc#1012382).\n\n - perf unwind: Unwind with libdw does not take symfs into\n account (bnc#1012382).\n\n - perf/core: Do not WARN() for impossible ring-buffer\n sizes (bnc#1012382).\n\n - perf/core: Fix impossible ring-buffer sizes warning\n (bnc#1012382).\n\n - perf/x86/intel/uncore: Add Node ID mask (bnc#1012382).\n\n - pinctrl: msm: fix gpio-hog related boot issues\n (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34\n scan codes (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK\n (bnc#1012382).\n\n - platform/x86: thinkpad_acpi: Proper model/release\n matching (bsc#1099810).\n\n - powerpc/pseries: add of_node_put() in\n dlpar_detach_node() (bnc#1012382).\n\n - powerpc/uaccess: fix warning/error with access_ok()\n (bnc#1012382).\n\n - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl\n (bnc#1012382).\n\n - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING\n is set (bsc#1125808).\n\n - rcu: Force boolean subscript for expedited stall\n warnings (bnc#1012382).\n\n - rhashtable: Add rhashtable_lookup() (bnc#1012382).\n\n - rhashtable: add rhashtable_lookup_get_insert_key()\n (bnc#1012382 bsc#1042286).\n\n - rhashtable: add schedule points (bnc#1012382).\n\n - rhashtable: reorganize struct rhashtable layout\n (bnc#1012382).\n\n - s390/early: improve machine detection (bnc#1012382).\n\n - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU\n (bnc#1012382).\n\n - s390/smp: fix CPU hotplug deadlock with CPU rescan\n (bnc#1012382).\n\n - sata_rcar: fix deferred probing (bnc#1012382).\n\n - sched/wake_q: Document wake_q_add() (bsc#1050549).\n\n - sched/wake_q: Fix wakeup ordering for wake_q\n (bsc#1050549).\n\n - sched/wake_q: Reduce reference counting for special\n users (bsc#1050549).\n\n - scripts/decode_stacktrace: only strip base path when a\n prefix of the path (bnc#1012382).\n\n - scripts/git_sort/git_sort.py: Add mkp/scsi\n 5.0/scsi-fixes\n\n - scsi: lpfc: Correct LCB RJT handling (bnc#1012382).\n\n - scsi: lpfc: Correct MDS diag and nvmet configuration\n (bsc#1125796).\n\n - scsi: mpt3sas: API 's to support NVMe drive addition to\n SML (bsc#1117108).\n\n - scsi: mpt3sas: API's to remove nvme drive from sml\n (bsc#1117108).\n\n - scsi: mpt3sas: Add PCI device ID for Andromeda\n (bsc#1117108).\n\n - scsi: mpt3sas: Add an I/O barrier (bsc#1117108).\n\n - scsi: mpt3sas: Add ioc_<level> logging macros\n (bsc#1117108).\n\n - scsi: mpt3sas: Add nvme device support in slave alloc,\n target alloc and probe (bsc#1117108).\n\n - scsi: mpt3sas:\n Add-Task-management-debug-info-for-NVMe-drives\n (bsc#1117108).\n\n - scsi: mpt3sas: Added support for SAS Device Discovery\n Error Event (bsc#1117108).\n\n - scsi: mpt3sas: Added support for nvme encapsulated\n request message (bsc#1117108).\n\n - scsi: mpt3sas: Adding support for SAS3616 HBA device\n (bsc#1117108).\n\n - scsi: mpt3sas: Allow processing of events during driver\n unload (bsc#1117108).\n\n - scsi: mpt3sas: Annotate switch/case fall-through\n (bsc#1117108).\n\n - scsi: mpt3sas: As per MPI-spec, use combined reply queue\n for SAS3.5 controllers when HBA supports more than 16\n MSI-x vectors (bsc#1117108).\n\n - scsi: mpt3sas: Bug fix for big endian systems\n (bsc#1117108).\n\n - scsi: mpt3sas: Bump mpt3sas driver version to\n v16.100.00.00 (bsc#1117108).\n\n - scsi: mpt3sas: Cache enclosure pages during enclosure\n add (bsc#1117108).\n\n - scsi: mpt3sas: Configure reply post queue depth, DMA and\n sgl tablesize (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and\n reply_q_name to %s: (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT\n without logging levels (bsc#1117108).\n\n - scsi: mpt3sas: Convert mlsleading uses of pr_<level>\n with MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Convert uses of pr_<level> with\n MPT3SAS_FMT to ioc_<level> (bsc#1117108).\n\n - scsi: mpt3sas: Display chassis slot information of the\n drive (bsc#1117108).\n\n - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives\n while processing Async Broadcast primitive event\n (bsc#1117108).\n\n - scsi: mpt3sas: Do not access the structure after\n decrementing it's instance reference count\n (bsc#1117108).\n\n - scsi: mpt3sas: Do not use 32-bit atomic request\n descriptor for Ventura controllers (bsc#1117108).\n\n - scsi: mpt3sas: Enhanced handling of Sense Buffer\n (bsc#1117108).\n\n - scsi: mpt3sas: Fix a race condition in\n mpt3sas_base_hard_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Fix calltrace observed while running IO &\n reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix indentation (bsc#1117108).\n\n - scsi: mpt3sas: Fix memory allocation failure test in\n 'mpt3sas_base_attach()' (bsc#1117108).\n\n - scsi: mpt3sas: Fix nvme drives checking for tlr\n (bsc#1117108).\n\n - scsi: mpt3sas: Fix possibility of using invalid\n Enclosure Handle for SAS device after host reset\n (bsc#1117108).\n\n - scsi: mpt3sas: Fix removal and addition of vSES device\n during host reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix sparse warnings (bsc#1117108).\n\n - scsi: mpt3sas: Fix, False timeout prints for ioctl and\n other internal commands during controller reset\n (bsc#1117108).\n\n - scsi: mpt3sas: Fixed memory leaks in driver\n (bsc#1117108).\n\n - scsi: mpt3sas: For NVME device, issue a protocol level\n reset (bsc#1117108).\n\n - scsi: mpt3sas: Handle NVMe PCIe device related events\n generated from firmware (bsc#1117108).\n\n - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).\n\n - scsi: mpt3sas: Incorrect command status was set/marked\n as not used (bsc#1117108).\n\n - scsi: mpt3sas: Increase event log buffer to support 24\n port HBA's (bsc#1117108).\n\n - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer\n address (bsc#1117108).\n\n - scsi: mpt3sas: Introduce Base function for cloning\n (bsc#1117108).\n\n - scsi: mpt3sas: Introduce function to clone mpi reply\n (bsc#1117108).\n\n - scsi: mpt3sas: Introduce function to clone mpi request\n (bsc#1117108).\n\n - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid()\n (bsc#1117108).\n\n - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd\n (bsc#1117108).\n\n - scsi: mpt3sas: Lockless access for chain buffers\n (bsc#1117108).\n\n - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl\n command and log info (bsc#1117108).\n\n - scsi: mpt3sas: Optimize I/O memory consumption in driver\n (bsc#1117108).\n\n - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot\n time (bsc#1117108).\n\n - scsi: mpt3sas: Processing of Cable Exception events\n (bsc#1117108).\n\n - scsi: mpt3sas: Reduce memory footprint in kdump kernel\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove KERN_WARNING from panic uses\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove set-but-not-used variables\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove unnecessary parentheses and\n simplify null checks (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused variable requeue_event\n (bsc#1117108).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n\n - scsi: mpt3sas: Report Firmware Package Version from HBA\n Driver (bsc#1117108).\n\n - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe\n devices (bsc#1117108).\n\n - scsi: mpt3sas: Set NVMe device queue depth as 128\n (bsc#1117108).\n\n - scsi: mpt3sas: Split _base_reset_handler(),\n mpt3sas_scsih_reset_handler() and\n mpt3sas_ctl_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Swap I/O memory read value back to cpu\n endianness (bsc#1117108).\n\n - scsi: mpt3sas: Update MPI Headers (bsc#1117108).\n\n - scsi: mpt3sas: Update driver version '25.100.00.00'\n (bsc#1117108).\n\n - scsi: mpt3sas: Update driver version '26.100.00.00'\n (bsc#1117108).\n\n - scsi: mpt3sas: Update mpt3sas driver version\n (bsc#1117108).\n\n - scsi: mpt3sas: Updated MPI headers to v2.00.48\n (bsc#1117108).\n\n - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).\n\n - scsi: mpt3sas: always use first reserved smid for ioctl\n passthrough (bsc#1117108).\n\n - scsi: mpt3sas: check command status before attempting\n abort (bsc#1117108).\n\n - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108).\n\n - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event()\n (bsc#1117108).\n\n - scsi: mpt3sas: fix an out of bound write (bsc#1117108).\n\n - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108).\n\n - scsi: mpt3sas: fix format overflow warning\n (bsc#1117108).\n\n - scsi: mpt3sas: fix oops in error handlers after\n shutdown/unload (bsc#1117108).\n\n - scsi: mpt3sas: fix possible memory leak (bsc#1117108).\n\n - scsi: mpt3sas: fix pr_info message continuation\n (bsc#1117108).\n\n - scsi: mpt3sas: fix spelling mistake: 'disbale' ->\n 'disable' (bsc#1117108).\n\n - scsi: mpt3sas: lockless command submission\n (bsc#1117108).\n\n - scsi: mpt3sas: make function _get_st_from_smid static\n (bsc#1117108).\n\n - scsi: mpt3sas: open-code _scsih_scsi_lookup_get()\n (bsc#1117108).\n\n - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108).\n\n - scsi: mpt3sas: remove redundant copy_from_user in\n _ctl_getiocinfo (bsc#1117108).\n\n - scsi: mpt3sas: remove redundant wmb (bsc#1117108).\n\n - scsi: mpt3sas: scan and add nvme device after controller\n reset (bsc#1117108).\n\n - scsi: mpt3sas: separate out _base_recovery_check()\n (bsc#1117108).\n\n - scsi: mpt3sas: set default value for cb_idx\n (bsc#1117108).\n\n - scsi: mpt3sas: simplify _wait_for_commands_to_complete()\n (bsc#1117108).\n\n - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm()\n (bsc#1117108).\n\n - scsi: mpt3sas: simplify task management functions\n (bsc#1117108).\n\n - scsi: mpt3sas: switch to generic DMA API (bsc#1117108).\n\n - scsi: mpt3sas: switch to pci_alloc_irq_vectors\n (bsc#1117108).\n\n - scsi: mpt3sas: use list_splice_init() (bsc#1117108).\n\n - scsi: mpt3sas: wait for and flush running commands on\n shutdown/unload (bsc#1117108).\n\n - scsi: qla2xxx: Fix deadlock between ATIO and HW lock\n (bsc#1125794).\n\n - scsi: target: make the pi_prot_format ConfigFS path\n readable (bsc#1123933).\n\n - sd: disable logical block provisioning if 'lbpme' is not\n set (bsc#1086095 bsc#1078355).\n\n - seq_buf: Make seq_buf_puts() null-terminate the buffer\n (bnc#1012382).\n\n - serial: fsl_lpuart: clear parity enable bit when disable\n parity (bnc#1012382).\n\n - signal: Always notice exiting tasks (bnc#1012382).\n\n - signal: Better detection of synchronous signals\n (bnc#1012382).\n\n - signal: Restore the stop PTRACE_EVENT_EXIT\n (bnc#1012382).\n\n - skge: potential memory corruption in skge_get_regs()\n (bnc#1012382).\n\n - smack: fix access permissions for keyring (bnc#1012382).\n\n - smsc95xx: Use skb_cow_head to deal with cloned skbs\n (bnc#1012382).\n\n - soc/tegra: Do not leak device tree node reference\n (bnc#1012382).\n\n - staging: iio: ad7780: update voltage on read\n (bnc#1012382).\n\n - staging: iio: adc: ad7280a: handle error from\n __ad7280_read32() (bnc#1012382).\n\n - staging: rtl8188eu: Add device code for D-Link DWA-121\n rev B1 (bnc#1012382).\n\n - staging:iio:ad2s90: Make probe handle spi_setup failure\n (bnc#1012382).\n\n - sunvdc: Do not spin in an infinite loop when\n vio_ldc_send() returns EAGAIN (bnc#1012382).\n\n - test_hexdump: use memcpy instead of strncpy\n (bnc#1012382).\n\n - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON\n is not set (bnc#1012382).\n\n - timekeeping: Use proper seqcount initializer\n (bnc#1012382).\n\n - tipc: use destination length for copy string\n (bnc#1012382).\n\n - tracing/uprobes: Fix output for multiple string\n arguments (bnc#1012382).\n\n - tty/ldsem: Add lockdep asserts for ldisc_sem\n (bnc#1105428).\n\n - tty/ldsem: Convert to regular lockdep annotations\n (bnc#1105428).\n\n - tty/ldsem: Decrement wait_readers on timeouted\n down_read() (bnc#1105428).\n\n - tty/n_hdlc: fix __might_sleep warning (bnc#1012382).\n\n - tty: Do not block on IO when ldisc change is pending\n (bnc#1105428).\n\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc\n present (bnc#1105428).\n\n - tty: Handle problem if line discipline does not have\n receive_buf (bnc#1012382).\n\n - tty: Hold tty_ldisc_lock() during tty_reopen()\n (bnc#1105428).\n\n - tty: Simplify tty->count math in tty_reopen()\n (bnc#1105428).\n\n - tty: fix data race between tty_init_dev and flush of buf\n (bnc#1105428).\n\n - tty: serial: samsung: Properly set flags in autoCTS mode\n (bnc#1012382).\n\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define\n (bnc#1012382).\n\n - uapi/if_ether.h: prevent redefinition of struct ethhdr\n (bnc#1012382).\n\n - ucc_geth: Reset BQL queue when stopping device\n (bnc#1012382).\n\n - udf: Fix BUG on corrupted inode (bnc#1012382).\n\n - um: Avoid marking pages with 'changed protection'\n (bnc#1012382).\n\n - usb: dwc2: Remove unnecessary kfree (bnc#1012382).\n\n - usb: gadget: udc: net2272: Fix bitwise and boolean\n operations (bnc#1012382).\n\n - usb: hub: delay hub autosuspend if USB3 port is still\n link training (bnc#1012382).\n\n - usb: phy: am335x: fix race condition in _probe\n (bnc#1012382).\n\n - usb: serial: pl2303: add new PID to support PL2303TB\n (bnc#1012382).\n\n - usb: serial: simple: add Motorola Tetra TPG2200 device\n id (bnc#1012382).\n\n - video: clps711x-fb: release disp device node in probe()\n (bnc#1012382).\n\n - vt: invoke notifier on screen size change (bnc#1012382).\n\n - x86/MCE: Initialize mce.bank in the case of a fatal\n error in mce_no_way_out() (bnc#1012382).\n\n - x86/PCI: Fix Broadcom CNB20LE unintended sign extension\n (redux) (bnc#1012382).\n\n - x86/a.out: Clear the dump structure initially\n (bnc#1012382).\n\n - x86/fpu: Add might_fault() to user_insn() (bnc#1012382).\n\n - x86/kaslr: Fix incorrect i8254 outb() parameters\n (bnc#1012382).\n\n - x86/platform/UV: Use efi_runtime_lock to serialise BIOS\n calls (bnc#1012382).\n\n - x86/xen: dont add memory above max allowed allocation\n (bsc#1117645).\n\n - x86: respect memory size limiting via mem= parameter\n (bsc#1117645).\n\n - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi\n (bnc#1012382).\n\n - xfrm: refine validation of template and selector\n families (bnc#1012382).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=802154\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7221\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.175-89.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:21:15", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728)\n\nCVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).\n\nCVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker could have caused utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158).\n</pid></pid>\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bnc#1103097).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n\nCVE-2019-3459,CVE-2019-3460: Two remote information leak vulnerabilities in the Bluetooth stack were fixed that could potentially leak kernel information (bsc#1120758)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1120", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-5391", "CVE-2018-9568", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0541-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0541-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122609);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2018-1120\",\n \"CVE-2018-5391\",\n \"CVE-2018-9568\",\n \"CVE-2018-16862\",\n \"CVE-2018-16884\",\n \"CVE-2018-19407\",\n \"CVE-2018-19824\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c\nmishandled reference counting because of a race condition, leading to\na use-after-free. (bnc#1124728)\n\nCVE-2019-7221: Fixed a user-after-free vulnerability in the KVM\nhypervisor related to the emulation of a preemption timer, allowing an\nguest user/process to crash the host kernel. (bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor\nrelated to handling page fault exceptions, which allowed a guest\nuser/process to use this flaw to leak the host's stack memory contents\nto a guest (bsc#1124735).\n\nCVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory\ncontaining command line arguments (or environment strings), an\nattacker could have caused utilities from psutils or procps (such as\nps, w) or any other program which made a read() call to the\n/proc/<pid>/cmdline (or /proc/<pid>/environ) files to block\nindefinitely (denial of service) or for some controlled time (as a\nsynchronization primitive for other attacks) (bnc#1093158).\n</pid></pid>\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache\nsubsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages\nfrom cleancache and the old file data instead of the new one\n(bnc#1117186).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces\nat the same time can make bc_svc_process() use wrong back-channel IDs\nand cause a use-after-free vulnerability. Thus a malicious container\nuser can cause a host kernel memory corruption and a system panic. Due\nto the nature of the flaw, privilege escalation cannot be fully ruled\nout (bnc#1119946).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c\nallowed local users to cause a denial of service (NULL pointer\ndereference and BUG) via crafted system calls that reach a situation\nwhere ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the\nALSA driver by supplying a malicious USB Sound device (with zero\ninterfaces) that is mishandled in usb_audio_probe in sound/usb/card.c\n(bnc#1118152).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device\n(as an u8) and used it without a length check to index an array,\nresulting in an OOB memory read in hso_probe or hso_get_config_data\nthat could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-5391: The Linux kernel was vulnerable to a denial of service\nattack with low rates of specially modified packets targeting IP\nfragment re-assembly. An attacker may cause a denial of service\ncondition by sending specially crafted IP fragments. Various\nvulnerabilities in IP fragmentation have been discovered and fixed\nover the years. The current vulnerability (CVE-2018-5391) became\nexploitable in the Linux kernel with the increase of the IP fragment\nreassembly queue size (bnc#1103097).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory\ncorruption due to type confusion. This could lead to local escalation\nof privilege with no additional execution privileges needed. User\ninteraction is not needed for exploitation. (bnc#1118319).\n\nCVE-2019-3459,CVE-2019-3460: Two remote information leak\nvulnerabilities in the Bluetooth stack were fixed that could\npotentially leak kernel information (bsc#1120758)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114475\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=985031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1120/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16862/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19407/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19824/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19985/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20169/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5391/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7222/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190541-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3754f527\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-541=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-541=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-541=1\n\nSUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP3-2019-541=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2019-541=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-541=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.175-94.79.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:48", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute- force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-9506"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/132474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0247. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132474);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-1125\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\"\n );\n script_bugtraq_id(\n 105120,\n 105761,\n 106253,\n 106478,\n 106565,\n 107782,\n 107910,\n 108076,\n 108113,\n 108286,\n 108372,\n 108410,\n 108488,\n 108521,\n 108547,\n 108817\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain\n error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing\n the key length negotiation. This allows practical brute-\n force attacks (aka KNOB) that can decrypt traffic and\n inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0247\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"bpftool-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-core-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"perf-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"python-perf-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\"\n ],\n \"CGSL MAIN 5.05\": [\n \"bpftool-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"perf-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"python-perf-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:33", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute- force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-9506"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/132495", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0253. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132495);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-1125\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\"\n );\n script_bugtraq_id(\n 105120,\n 105761,\n 106253,\n 106478,\n 106565,\n 107782,\n 107910,\n 108076,\n 108113,\n 108286,\n 108372,\n 108410,\n 108488,\n 108521,\n 108547,\n 108817\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain\n error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing\n the key length negotiation. This allows practical brute-\n force attacks (aka KNOB) that can decrypt traffic and\n inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0253\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"kernel-rt-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\"\n ],\n \"CGSL MAIN 5.05\": [\n \"kernel-rt-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:21:47", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2851 advisory.\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)\n\n - kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)\n\n - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-07T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:2851)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20169", "CVE-2018-7191", "CVE-2019-11487", "CVE-2019-13233", "CVE-2019-14821", "CVE-2019-15916", "CVE-2019-18660", "CVE-2019-3901", "CVE-2020-12888"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-2851.NASL", "href": "https://www.tenable.com/plugins/nessus/138171", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2851. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138171);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-7191\",\n \"CVE-2018-20169\",\n \"CVE-2019-3901\",\n \"CVE-2019-11487\",\n \"CVE-2019-13233\",\n \"CVE-2019-14821\",\n \"CVE-2019-15916\",\n \"CVE-2019-18660\",\n \"CVE-2020-12888\"\n );\n script_bugtraq_id(\n 89937,\n 108054,\n 108380,\n 109055\n );\n script_xref(name:\"RHSA\", value:\"2020:2851\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:2851)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2851 advisory.\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)\n\n - kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)\n\n - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-7191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1660385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1703063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1716328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1727756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1746708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1750813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1836244\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 248, 362, 400, 416, 476, 667, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-7191', 'CVE-2018-20169', 'CVE-2019-3901', 'CVE-2019-11487', 'CVE-2019-13233', 'CVE-2019-14821', 'CVE-2019-15916', 'CVE-2019-18660', 'CVE-2020-12888');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:2851');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.56.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.56.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:26:34", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-10638: A device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575).\n\n - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed.\n This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping).\n For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).\n\n - CVE-2019-13233: In arch/x86/lib/insn-eval.c there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).\n\n - CVE-2018-20836: There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).\n\n - CVE-2019-10126: A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935).\n\n - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1133738).\n\n - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected (bnc#1138263).\n\n - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).\n\n - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed.\n (bnc#1137103).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: Off by one handling ->nexthdr (bsc#1051510).\n\n - Abort file_remove_privs() for non-reg. files (bsc#1140888).\n\n - ACPICA: Clear status of GPEs on first direct enable (bsc#1111666).\n\n - ACPI: PM: Allow transitions to D0 to occur in special cases (bsc#1051510).\n\n - ACPI: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510).\n\n - af_key: unconditionally clone on broadcast (bsc#1051510).\n\n - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).\n\n - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).\n\n - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).\n\n - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).\n\n - alsa: line6: Fix write on zero-sized buffer (bsc#1051510).\n\n - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510).\n\n - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666).\n\n - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).\n\n - apparmor: enforce nullbyte at end of tag string (bsc#1051510).\n\n - ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666).\n\n - audit: fix a memory leak bug (bsc#1051510).\n\n - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).\n\n - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).\n\n - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771).\n\n - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).\n\n - bpf, devmap: Add missing bulk queue free (bsc#1109837).\n\n - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837).\n\n - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837).\n\n - bpf: devmap: fix use-after-free Read in\n __dev_map_entry_free (bsc#1109837).\n\n - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837).\n\n - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837).\n\n - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837).\n\n - bpf: sockmap remove duplicate queue free (bsc#1109837).\n\n - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837).\n\n - can: af_can: Fix error path of can_init() (bsc#1051510).\n\n - can: flexcan: fix timeout when set small bitrate (bsc#1051510).\n\n - can: purge socket error queue on sock destruct (bsc#1051510).\n\n - ceph: factor out ceph_lookup_inode() (bsc#1138681).\n\n - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).\n\n - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).\n\n - ceph: flush dirty inodes before proceeding with remount (bsc#1138681).\n\n - ceph: flush dirty inodes before proceeding with remount (bsc#1140405).\n\n - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681).\n\n - ceph: quota: fix quota subdir mounts (bsc#1138681).\n\n - ceph: remove duplicated filelock ref increase (bsc#1138681).\n\n - cfg80211: fix memory leak of wiphy device name (bsc#1051510).\n\n - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510).\n\n - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).\n\n - coresight: etb10: Fix handling of perf mode (bsc#1051510).\n\n - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).\n\n - cpu/topology: Export die_id (jsc#SLE-5454).\n\n - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401).\n\n - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).\n\n - crypto: user - prevent operating on larval algorithms (bsc#1133401).\n\n - dax: Fix xarray entry association for mixed mappings (bsc#1140893).\n\n - device core: Consolidate locking and unlocking of parent and device (bsc#1106383).\n\n - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).\n\n - doc: Cope with the deprecation of AutoReporter (bsc#1051510).\n\n - Documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187).\n\n - Documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954).\n\n - Do not restrict NFSv4.2 on openSUSE (bsc#1138719).\n\n - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383).\n\n - driver core: Probe devices asynchronously instead of the driver (bsc#1106383).\n\n - drivers/base/devres: introduce devm_release_action() (bsc#1103992).\n\n - drivers/base/devres: introduce devm_release_action() (bsc#1103992 FATE#326009).\n\n - drivers/base: Introduce kill_device() (bsc#1139865).\n\n - drivers/base: kABI fixes for struct device_private (bsc#1106383).\n\n - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).\n\n - drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).\n\n - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510).\n\n - drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).\n\n - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).\n\n - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).\n\n - drivers: thermal: tsens: Do not print error message on\n -EPROBE_DEFER (bsc#1051510).\n\n - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510).\n\n - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666).\n\n - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666).\n\n - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).\n\n - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666).\n\n - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666).\n\n - drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666).\n\n - drm: Fix drm_release() and device unplug (bsc#1111666).\n\n - drm/i915: Add new AML_ULX support list (jsc#SLE-4986).\n\n - drm/i915: Add new ICL PCI ID (jsc#SLE-4986).\n\n - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).\n\n - drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986).\n\n - drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986).\n\n - drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).\n\n - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).\n\n - drm/i915/dmc: protect against reading random memory (bsc#1051510).\n\n - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986).\n\n - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).\n\n - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).\n\n - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).\n\n - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).\n\n - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986).\n\n - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986).\n\n - drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986).\n\n - drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).\n\n - drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986).\n\n - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666).\n\n - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666).\n\n - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666).\n\n - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666).\n\n - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).\n\n - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891).\n\n - failover: allow name change on IFF_UP slave interfaces (bsc#1109837).\n\n - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) \n\n - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889).\n\n - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887).\n\n - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887).\n\n - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995).\n\n - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995 fate#323487).\n\n - genirq: Prevent use-after-free and work list corruption (bsc#1051510).\n\n - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510).\n\n - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).\n\n - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510).\n\n - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)).\n\n - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)).\n\n - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).\n\n - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).\n\n - hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735).\n\n - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).\n\n - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735).\n\n - hwmon: (k10temp) Add support for family 17h (FATE#327735).\n\n - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735).\n\n - hwmon: (k10temp) Add support for temperature offsets (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735).\n\n - hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735).\n\n - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).\n\n - hwmon: (k10temp) Fix reading critical temperature register (FATE#327735).\n\n - hwmon: (k10temp) Make function get_raw_temp static (FATE#327735).\n\n - hwmon: (k10temp) Move chip specific code into probe function (FATE#327735).\n\n - hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735).\n\n - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735).\n\n - hwmon: k10temp: Support Threadripper 2920X, 2970WX;\n simplify offset table (FATE#327735).\n\n - hwmon: (k10temp) Use API function to access System Management Network (FATE#327735).\n\n - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735).\n\n - i2c: acorn: fix i2c warning (bsc#1135642).\n\n - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374).\n\n - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374).\n\n - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374).\n\n - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374).\n\n - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374).\n\n - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374).\n\n - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).\n\n - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685 FATE#325854).\n\n - IB/hfi1: Create inline to get extended headers (bsc#1114685 FATE#325854).\n\n - IB/hfi1: Validate fault injection opcode user input (bsc#1114685 FATE#325854).\n\n - IB/mlx5: Verify DEVX general object type correctly (bsc#1103991 FATE#326007).\n\n - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).\n\n - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).\n\n - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).\n\n - iommu/amd: Make iommu_disable safer (bsc#1140955).\n\n - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510).\n\n - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956).\n\n - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666).\n\n - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510).\n\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510).\n\n - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957).\n\n - iommu: Use right function to get group for device (bsc#1140958).\n\n - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959).\n\n - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960).\n\n - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961).\n\n - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962).\n\n - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964).\n\n - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666).\n\n - ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732).\n\n - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510).\n\n - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510).\n\n - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228).\n\n - kabi fixup blk_mq_register_dev() (bsc#1140637).\n\n - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056).\n\n - kabi workaround for asus-wmi changes (bsc#1051510).\n\n - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).\n\n - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).\n\n - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971).\n\n - kvm: x86: fix return value for reserved EFER (bsc#1140992).\n\n - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).\n\n - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).\n\n - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972).\n\n - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).\n\n - libceph: assign cookies in linger_submit() (bsc#1135897).\n\n - libceph: check reply num_data_items in setup_request_data() (bsc#1135897).\n\n - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897).\n\n - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897).\n\n - libceph: introduce alloc_watch_request() (bsc#1135897).\n\n - libceph: introduce ceph_pagelist_alloc() (bsc#1135897).\n\n - libceph: preallocate message data items (bsc#1135897).\n\n - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master.\n\n - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897).\n\n - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).\n\n - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).\n\n - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).\n\n - mac80211: drop robust management frames from unknown TA (bsc#1051510).\n\n - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).\n\n - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).\n\n - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510).\n\n - mISDN: make sure device name is NUL terminated (bsc#1051510).\n\n - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374).\n\n - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374).\n\n - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374).\n\n - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374).\n\n - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374).\n\n - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374).\n\n - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374).\n\n - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374).\n\n - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374).\n\n - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374).\n\n - mmc: core: complete HS400 before checking status (bsc#1111666).\n\n - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).\n\n - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992 FATE#326009).\n\n - mm: fix race on soft-offlining free huge pages (bsc#1139712). \n\n - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). \n\n - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). \n\n - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712). \n\n - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). \n\n - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712) \n\n - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). \n\n - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). \n\n - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). \n\n - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). \n\n - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)).\n\n - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)).\n\n - mm: soft-offline: close the race against page allocation (bsc#1139712). \n\n - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). \n\n - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). \n\n - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)).\n\n - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487).\n\n - net: core: support XDP generic on stacked devices (bsc#1109837).\n\n - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990 FATE#326006).\n\n - net: ena: add ethtool function for changing io queue sizes (bsc#1138879).\n\n - net: ena: add good checksum counter (bsc#1138879).\n\n - net: ena: add handling of llq max tx burst size (bsc#1138879).\n\n - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879).\n\n - net: ena: add newline at the end of pr_err prints (bsc#1138879).\n\n - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879).\n\n - net: ena: allow automatic fallback to polling mode (bsc#1138879).\n\n - net: ena: allow queue allocation backoff when low on memory (bsc#1138879).\n\n - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879).\n\n - net: ena: enable negotiating larger Rx ring size (bsc#1138879).\n\n - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879).\n\n - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879).\n\n - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879).\n\n - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879).\n\n - net: ena: fix incorrect test of supported hash function (bsc#1138879).\n\n - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879).\n\n - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879).\n\n - net: ena: gcc 8: fix compilation warning (bsc#1138879).\n\n - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879).\n\n - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879).\n\n - net: ena: optimise calculations for CQ doorbell (bsc#1138879).\n\n - net: ena: remove inline keyword from functions in *.c (bsc#1138879).\n\n - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879).\n\n - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879).\n\n - net: ena: use dev_info_once instead of static variable (bsc#1138879).\n\n - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836).\n\n - net: Fix missing meta data in skb with vlan packet (bsc#1109837).\n\n - net/mlx5: Avoid reloading already removed devices (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837).\n\n - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 FATE#326006).\n\n - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990 FATE#326006).\n\n - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 FATE#326006).\n\n - net/mlx5: Set completion EQs as shared resources (bsc#1103991 FATE#326007).\n\n - net/mlx5: Update pci error handler entries and command translation (bsc#1103991 FATE#326007).\n\n - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).\n\n - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).\n\n - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).\n\n - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113 FATE#326472).\n\n - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837).\n\n - net/sched: cbs: fix port_rate miscalculation (bsc#1109837).\n\n - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837).\n\n - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837).\n\n - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837).\n\n - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837).\n\n - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837).\n\n - net/tls: do not leak IV and record seq when offload fails (bsc#1109837).\n\n - net/tls: do not leak partially sent record in device mode (bsc#1109837).\n\n - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837).\n\n - net/tls: fix copy to fragments in reencrypt (bsc#1109837).\n\n - net/tls: fix page double free on TX cleanup (bsc#1109837).\n\n - net/tls: fix refcount adjustment in fallback (bsc#1109837).\n\n - net/tls: fix state removal with feature flags off (bsc#1109837).\n\n - net/tls: fix the IV leaks (bsc#1109837).\n\n - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837).\n\n - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837).\n\n - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837).\n\n - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).\n\n - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).\n\n - nfit/ars: Avoid stale ARS results (jsc#SLE-5433).\n\n - nfit/ars: Introduce scrub_flags (jsc#SLE-5433).\n\n - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837).\n\n - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837).\n\n - nl80211: fix station_info pertid memory leak (bsc#1051510).\n\n - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).\n\n - nvme: copy MTFA field from identify controller (bsc#1140715).\n\n - nvme-rdma: fix double freeing of async event data (bsc#1120423).\n\n - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).\n\n - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).\n\n - pci: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803).\n\n - pci: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803 FATE#327056).\n\n - pci: Do not poll for PME if the device is in D3cold (bsc#1051510).\n\n - pci/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803).\n\n - pci/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#327056).\n\n - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803).\n\n - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).\n\n - pci/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992).\n\n - pci/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992 FATE#326009).\n\n - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).\n\n - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).\n\n - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).\n\n - pinctrl/amd: add get_direction handler (bsc#1140463).\n\n - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463).\n\n - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463).\n\n - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463).\n\n - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463).\n\n - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463).\n\n - platform_data/mlxreg: Add capability field to core platform data (bsc#1112374).\n\n - platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374).\n\n - platform_data/mlxreg: Document fixes for core platform data (bsc#1112374).\n\n - platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374).\n\n - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994).\n\n - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).\n\n - platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374).\n\n - platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374).\n\n - platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374).\n\n - platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).\n\n - platform/x86: mlx-platform: Remove unused define (bsc#1112374).\n\n - platform/x86: mlx-platform: Rename new systems product names (bsc#1112374).\n\n - PM: ACPI/PCI: Resume all devices during hibernation (bsc#1111666).\n\n - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).\n\n - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).\n\n - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454).\n\n - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).\n\n - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).\n\n - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).\n\n - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159).\n\n - ppp: mppe: Add softdep to arc4 (bsc#1088047).\n\n - ptrace: Fix -$gt;ptracer_cred handling for PTRACE_TRACEME (git-fixes).\n\n - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes).\n\n - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666).\n\n - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462).\n\n - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).\n\n - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).\n\n - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).\n\n - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).\n\n - qmi_wwan: Fix out-of-bounds read (bsc#1111666).\n\n - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).\n\n - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).\n\n - RAS/CEC: Fix binary search function (bsc#1114279).\n\n - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).\n\n - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992).\n\n - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992 FATE#326009).\n\n - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991).\n\n - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991 FATE#326007).\n\n - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991).\n\n - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991 FATE#326007).\n\n - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992).\n\n - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992 FATE#326009).\n\n - Refresh patches.fixes/scsi-Introduce-scsi_start_queue.patch (bsc#1119532).\n\n - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510).\n\n - Replace the bluetooth fix with the upstream commit (bsc#1135556)\n\n - Reshuffle patches to match series_sort.py\n\n - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1138879).\n\n - Revert 'net/mlx5e: Enable reporting checksum unnecessary also for L3 packets' (bsc#1103990).\n\n - Revert 'net/mlx5e: Enable reporting checksum unnecessary also for L3 packets' (bsc#1103990 FATE#326006).\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP template ()''\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP template (fate#323189)\n\n - Revert 's390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).' This broke the build with older gcc instead.\n\n - Revert 'Sign non-x86 kernels when possible (boo#1134303)' This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now.\n\n - Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133).\n\n - rpm/package-descriptions: fix typo in kernel-azure\n\n - rpm/post.sh: correct typo in err msg (bsc#1137625)\n\n - s390/dasd: fix using offset into zero size array error (bsc#1051510).\n\n - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).\n\n - s390/pci: improve bar check (jsc#SLE-5803).\n\n - s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).\n\n - s390/pci: map IOV resources (jsc#SLE-5803).\n\n - s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).\n\n - s390/pci: skip VF scanning (jsc#SLE-5803).\n\n - s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).\n\n - s390/qeth: fix race when initializing the IP address table (bsc#1051510).\n\n - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).\n\n - s390/setup: fix early warning messages (bsc#1051510).\n\n - s390/virtio: handle find on invalid queue gracefully (bsc#1051510).\n\n - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).\n\n - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).\n\n - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.\n\n - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes\n\n - scripts/git_sort/git_sort.py: drop old scsi branches\n\n - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161).\n\n - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: fix spelling mistake 'Retreiving' -gt;\n 'Retrieving' (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264).\n\n - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).\n\n - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343).\n\n - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156).\n\n - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271).\n\n - scsi: megaraid_sas: correct an info message (bsc#1136271).\n\n - scsi: megaraid_sas: driver version update (bsc#1136271).\n\n - scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271).\n\n - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).\n\n - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).\n\n - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271).\n\n - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717).\n\n - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Fix spelling mistake 'OUSTANDING' -> 'OUTSTANDING' (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).\n\n - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).\n\n - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).\n\n - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).\n\n - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).\n\n - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).\n\n - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).\n\n - scsi: zfcp: fix missing zfcp_port reference put on\n -EBUSY from port_remove (bsc#1051510).\n\n - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).\n\n - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).\n\n - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).\n\n - signal/ptrace: Do not leak uninitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes).\n\n - smb3: Fix endian warning (bsc#1137884).\n\n - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).\n\n - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).\n\n - sort patches to proper position\n\n - squash patches.fixes/tcp-fix-fack_count-accounting-on-tcp_shift\n _skb_data.patch into patches.fixes/tcp-limit-payload-size-of-sacked-skbs.patc h to match what stable backports do\n\n - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).\n\n - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510).\n\n - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)\n\n - svm: Add warning message for AVIC IPI invalid target (bsc#1140133).\n\n - svm: Fix AVIC incomplete IPI emulation (bsc#1140133).\n\n - sysctl: handle overflow in proc_get_long (bsc#1051510).\n\n - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).\n\n - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).\n\n - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).\n\n - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).\n\n - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).\n\n - tools: bpftool: fix infinite loop in map create (bsc#1109837).\n\n - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).\n\n - topology: Create package_cpus sysfs attribute (jsc#SLE-5454).\n\n - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).\n\n - tty: max310x: Fix external crystal register setup (bsc#1051510).\n\n - typec: tcpm: fix compiler warning about stupid things (git-fixes).\n\n - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).\n\n - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).\n\n - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).\n\n - usbnet: ipheth: fix racing condition (bsc#1051510).\n\n - usb: serial: fix initial-termios handling (bsc#1135642).\n\n - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).\n\n - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).\n\n - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).\n\n - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).\n\n - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).\n\n - usb: xhci: avoid NULL pointer deref when bos field is NULL (bsc#1135642).\n\n - vfio: ccw: only free cp on final interrupt (bsc#1051510).\n\n - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).\n\n - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).\n\n - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).\n\n - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).\n\n - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions.\n\n - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).\n\n - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187).\n\n - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735).\n\n - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).\n\n - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).\n\n - x86/microcode: Fix microcode hotplug state (bsc#1114279).\n\n - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).\n\n - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).\n\n - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).\n\n - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).\n\n - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).\n\n - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).\n\n - x86/topology: Define topology_die_id() (jsc#SLE-5454).\n\n - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).\n\n - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187).\n\n - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187).\n\n - x86/umwait: Initialize umwait control values (jsc#SLE-5187).\n\n - xdp: check device pointer before clearing (bsc#1109837).\n\n - (nl,mac)80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510).", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1757)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11599", "CVE-2019-12614", "CVE-2019-12817", "CVE-2019-13233"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla"], "id": "OPENSUSE-2019-1757.NASL", "href": "https://www.tenable.com/plugins/nessus/126897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1757.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126897);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2018-20836\", \"CVE-2019-10126\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11599\", \"CVE-2019-12614\", \"CVE-2019-12817\", \"CVE-2019-13233\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1757)\");\n script_summary(english:\"Check for the openSUSE-2019-1757 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-10638: A device could be tracked by an attacker\n using the IP ID values the kernel produces for\n connection-less protocols (e.g., UDP and ICMP). When\n such traffic is sent to multiple destination IP\n addresses, it is possible to obtain hash collisions (of\n indices to the counter array) and thereby obtain the\n hashing key (via enumeration). An attack may be\n conducted by hosting a crafted web page that uses WebRTC\n or gQUIC to force UDP traffic to attacker-controlled IP\n addresses (bnc#1140575).\n\n - CVE-2019-10639: The Linux kernel allowed Information\n Exposure (partial kernel address disclosure), leading to\n a KASLR bypass. Specifically, it is possible to extract\n the KASLR kernel image offset using the IP ID values the\n kernel produces for connection-less protocols (e.g., UDP\n and ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and thereby\n obtain the hashing key (via enumeration). This key\n contains enough bits from a kernel address (of a static\n variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is exposed.\n This attack can be carried out remotely, by the attacker\n forcing the target device to send UDP or ICMP (or\n certain other) traffic to attacker-controlled IP\n addresses. Forcing a server to send UDP traffic is\n trivial if the server is a DNS server. ICMP traffic is\n trivial if the server answers ICMP Echo requests (ping).\n For client targets, if the target visits the attacker's\n web page, then WebRTC or gQUIC can be used to force UDP\n traffic to attacker-controlled IP addresses. NOTE: this\n attack against KASLR became viable in 4.1 because IP ID\n generation was changed to have a dependency on an\n address associated with a network namespace\n (bnc#1140577).\n\n - CVE-2019-13233: In arch/x86/lib/insn-eval.c there was a\n use-after-free for access to an LDT entry because of a\n race condition between modify_ldt() and a #BR exception\n for an MPX bounds violation (bnc#1140454).\n\n - CVE-2018-20836: There was a race condition in\n smp_task_timedout() and smp_task_done() in\n drivers/scsi/libsas/sas_expander.c, leading to a\n use-after-free (bnc#1134395).\n\n - CVE-2019-10126: A heap based buffer overflow in\n mwifiex_uap_parse_tail_ies function in\n drivers/net/wireless/marvell/mwifiex/ie.c might have\n lead to memory corruption and possibly other\n consequences (bnc#1136935).\n\n - CVE-2019-11599: The coredump implementation in the Linux\n kernel did not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allowed local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c (bnc#1133738).\n\n - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c\n in the Linux kernel for powerpc has a bug where\n unrelated processes may be able to read/write to one\n another's virtual memory under certain conditions via an\n mmap above 512 TB. Only a subset of powerpc systems are\n affected (bnc#1138263).\n\n - CVE-2019-12614: An issue was discovered in\n dlpar_parse_cc_property in\n arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel. There was an unchecked kstrdup of prop->name,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash)\n (bnc#1137194).\n\n - CVE-2018-16871: A NULL pointer dereference due to an\n anomalized NFS message sequence was fixed.\n (bnc#1137103).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: Off by one handling ->nexthdr (bsc#1051510).\n\n - Abort file_remove_privs() for non-reg. files\n (bsc#1140888).\n\n - ACPICA: Clear status of GPEs on first direct enable\n (bsc#1111666).\n\n - ACPI: PM: Allow transitions to D0 to occur in special\n cases (bsc#1051510).\n\n - ACPI: PM: Avoid evaluating _PS3 on transitions from\n D3hot to D3cold (bsc#1051510).\n\n - af_key: unconditionally clone on broadcast\n (bsc#1051510).\n\n - alsa: firewire-lib/fireworks: fix miss detection of\n received MIDI messages (bsc#1051510).\n\n - alsa: hda - Force polling mode on CNL for fixing codec\n communication (bsc#1051510).\n\n - alsa: hda/realtek: Add quirks for several Clevo notebook\n barebones (bsc#1051510).\n\n - alsa: hda/realtek - Change front mic location for Lenovo\n M710q (bsc#1051510).\n\n - alsa: line6: Fix write on zero-sized buffer\n (bsc#1051510).\n\n - alsa: seq: fix incorrect order of dest_client/dest_ports\n arguments (bsc#1051510).\n\n - alsa: usb-audio: Fix parse of UAC2 Extension Units\n (bsc#1111666).\n\n - alsa: usb-audio: fix sign unintended sign extension on\n left shifts (bsc#1051510).\n\n - apparmor: enforce nullbyte at end of tag string\n (bsc#1051510).\n\n - ASoC: cx2072x: fix integer overflow on unsigned int\n multiply (bsc#1111666).\n\n - audit: fix a memory leak bug (bsc#1051510).\n\n - ax25: fix inconsistent lock state in ax25_destroy_timer\n (bsc#1051510).\n\n - blk-mq: free hw queue's resource in hctx's release\n handler (bsc#1140637).\n\n - block: Fix a NULL pointer dereference in\n generic_make_request() (bsc#1139771).\n\n - bluetooth: Fix faulty expression for minimum encryption\n key size check (bsc#1140328).\n\n - bpf, devmap: Add missing bulk queue free (bsc#1109837).\n\n - bpf, devmap: Add missing RCU read lock on flush\n (bsc#1109837).\n\n - bpf, devmap: Fix premature entry free on destroying map\n (bsc#1109837).\n\n - bpf: devmap: fix use-after-free Read in\n __dev_map_entry_free (bsc#1109837).\n\n - bpf: lpm_trie: check left child of last leftmost node\n for NULL (bsc#1109837).\n\n - bpf: sockmap fix msg->sg.size account on ingress skb\n (bsc#1109837).\n\n - bpf: sockmap, fix use after free from sleep in psock\n backlog workqueue (bsc#1109837).\n\n - bpf: sockmap remove duplicate queue free (bsc#1109837).\n\n - bpf, tcp: correctly handle DONT_WAIT flags and timeo ==\n 0 (bsc#1109837).\n\n - can: af_can: Fix error path of can_init() (bsc#1051510).\n\n - can: flexcan: fix timeout when set small bitrate\n (bsc#1051510).\n\n - can: purge socket error queue on sock destruct\n (bsc#1051510).\n\n - ceph: factor out ceph_lookup_inode() (bsc#1138681).\n\n - ceph: fix NULL pointer deref when debugging is enabled\n (bsc#1138681).\n\n - ceph: fix potential use-after-free in\n ceph_mdsc_build_path (bsc#1138681).\n\n - ceph: flush dirty inodes before proceeding with remount\n (bsc#1138681).\n\n - ceph: flush dirty inodes before proceeding with remount\n (bsc#1140405).\n\n - ceph: print inode number in __caps_issued_mask debugging\n messages (bsc#1138681).\n\n - ceph: quota: fix quota subdir mounts (bsc#1138681).\n\n - ceph: remove duplicated filelock ref increase\n (bsc#1138681).\n\n - cfg80211: fix memory leak of wiphy device name\n (bsc#1051510).\n\n - clk: rockchip: Turn on 'aclk_dmac1' for suspend on\n rk3288 (bsc#1051510).\n\n - clk: tegra: Fix PLLM programming on Tegra124+ when PMC\n overrides divider (bsc#1051510).\n\n - coresight: etb10: Fix handling of perf mode\n (bsc#1051510).\n\n - coresight: etm4x: Add support to enable ETMv4.2\n (bsc#1051510).\n\n - cpu/topology: Export die_id (jsc#SLE-5454).\n\n - crypto: algapi - guard against uninitialized spawn list\n in crypto_remove_spawns (bsc#1133401).\n\n - crypto: cryptd - Fix skcipher instance memory leak\n (bsc#1051510).\n\n - crypto: user - prevent operating on larval algorithms\n (bsc#1133401).\n\n - dax: Fix xarray entry association for mixed mappings\n (bsc#1140893).\n\n - device core: Consolidate locking and unlocking of parent\n and device (bsc#1106383).\n\n - dmaengine: imx-sdma: remove BD_INTR for channel0\n (bsc#1051510).\n\n - doc: Cope with the deprecation of AutoReporter\n (bsc#1051510).\n\n - Documentation/ABI: Document umwait control sysfs\n interfaces (jsc#SLE-5187).\n\n - Documentation: DMA-API: fix a function name of\n max_mapping_size (bsc#1140954).\n\n - Do not restrict NFSv4.2 on openSUSE (bsc#1138719).\n\n - driver core: Establish order of operations for\n device_add and device_del via bitflag (bsc#1106383).\n\n - driver core: Probe devices asynchronously instead of the\n driver (bsc#1106383).\n\n - drivers/base/devres: introduce devm_release_action()\n (bsc#1103992).\n\n - drivers/base/devres: introduce devm_release_action()\n (bsc#1103992 FATE#326009).\n\n - drivers/base: Introduce kill_device() (bsc#1139865).\n\n - drivers/base: kABI fixes for struct device_private\n (bsc#1106383).\n\n - drivers: depend on HAS_IOMEM for\n devm_platform_ioremap_resource() (bsc#1136333\n jsc#SLE-4994).\n\n - drivers: fix a typo in the kernel doc for\n devm_platform_ioremap_resource() (bsc#1136333\n jsc#SLE-4994).\n\n - Drivers: misc: fix out-of-bounds access in function\n param_set_kgdbts_var (bsc#1051510).\n\n - drivers: provide devm_platform_ioremap_resource()\n (bsc#1136333 jsc#SLE-4994).\n\n - drivers/rapidio/devices/rio_mport_cdev.c: fix resource\n leak in error handling path in 'rio_dma_transfer()'\n (bsc#1051510).\n\n - drivers/rapidio/rio_cm.c: fix potential oops in\n riocm_ch_listen() (bsc#1051510).\n\n - drivers: thermal: tsens: Do not print error message on\n -EPROBE_DEFER (bsc#1051510).\n\n - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE\n (bsc#1051510).\n\n - drm/amd/powerplay: use hardware fan control if no\n powerplay fan table (bsc#1111666).\n\n - drm/arm/hdlcd: Actually validate CRTC modes\n (bsc#1111666).\n\n - drm/arm/hdlcd: Allow a bit of clock tolerance\n (bsc#1051510).\n\n - drm/arm/mali-dp: Add a loop around the second set CVAL\n and try 5 times (bsc#1111666).\n\n - drm/etnaviv: add missing failure path to destroy\n suballoc (bsc#1111666).\n\n - drm/fb-helper: generic: Do not take module ref for fbcon\n (bsc#1111666).\n\n - drm: Fix drm_release() and device unplug (bsc#1111666).\n\n - drm/i915: Add new AML_ULX support list (jsc#SLE-4986).\n\n - drm/i915: Add new ICL PCI ID (jsc#SLE-4986).\n\n - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).\n\n - drm/i915: Apply correct ddi translation table for AML\n device (jsc#SLE-4986).\n\n - drm/i915: Attach the pci match data to the device upon\n creation (jsc#SLE-4986).\n\n - drm/i915/cfl: Adding another PCI Device ID\n (jsc#SLE-4986).\n\n - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).\n\n - drm/i915/dmc: protect against reading random memory\n (bsc#1051510).\n\n - drm/i915: Fix uninitialized mask in\n intel_device_info_subplatform_init (jsc#SLE-4986).\n\n - drm/i915/gvt: ignore unexpected pvinfo write\n (bsc#1051510).\n\n - drm/i915/icl: Adding few more device IDs for Ice Lake\n (jsc#SLE-4986).\n\n - drm/i915: Introduce concept of a sub-platform\n (jsc#SLE-4986).\n\n - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).\n\n - drm/i915: Move final cleanup of drm_i915_private to\n i915_driver_destroy (jsc#SLE-4986).\n\n - drm/i915: Remove redundant device id from IS_IRONLAKE_M\n macro (jsc#SLE-4986).\n\n - drm/i915: Split Pineview device info into desktop and\n mobile (jsc#SLE-4986).\n\n - drm/i915: Split some PCI ids into separate groups\n (jsc#SLE-4986).\n\n - drm/i915: start moving runtime device info to a separate\n struct (jsc#SLE-4986).\n\n - drm/imx: notify drm core before sending event during\n crtc disable (bsc#1111666).\n\n - drm/imx: only send event on crtc disable if kept\n disabled (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add quirk for GPD MicroPC\n (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add quirk for GPD pocket2\n (bsc#1111666).\n\n - drm/vmwgfx: fix a warning due to missing dma_parms\n (bsc#1111666).\n\n - drm/vmwgfx: Use the backdoor port if the HB port is not\n available (bsc#1111666).\n\n - EDAC/mc: Fix edac_mc_find() in case no device is found\n (bsc#1114279).\n\n - ext4: do not delete unlinked inode from orphan list on\n failed truncate (bsc#1140891).\n\n - failover: allow name change on IFF_UP slave interfaces\n (bsc#1109837).\n\n - fs: hugetlbfs: fix hwpoison reserve accounting\n (bsc#1139712) \n\n - fs/ocfs2: fix race in ocfs2_dentry_attach_lock()\n (bsc#1140889).\n\n - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference\n (bsc#1140887).\n\n - fs/proc/proc_sysctl.c: fix NULL pointer dereference in\n put_links (bsc#1140887).\n\n - ftrace/x86: Remove possible deadlock between\n register_kprobe() and ftrace_run_update_code()\n (bsc#1071995).\n\n - ftrace/x86: Remove possible deadlock between\n register_kprobe() and ftrace_run_update_code()\n (bsc#1071995 fate#323487).\n\n - genirq: Prevent use-after-free and work list corruption\n (bsc#1051510).\n\n - genirq: Respect IRQCHIP_SKIP_SET_WAKE in\n irq_chip_set_wake_parent() (bsc#1051510).\n\n - genwqe: Prevent an integer overflow in the ioctl\n (bsc#1051510).\n\n - gpio: omap: fix lack of irqstatus_raw0 for OMAP4\n (bsc#1051510).\n\n - hugetlbfs: dirty pages as they are added to pagecache\n (git fixes (mm/hugetlbfs)).\n\n - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!\n (git fixes (mm/hugetlbfs)).\n\n - hwmon/coretemp: Cosmetic: Rename internal variables to\n zones from packages (jsc#SLE-5454).\n\n - hwmon/coretemp: Support multi-die/package\n (jsc#SLE-5454).\n\n - hwmon: (k10temp) 27C Offset needed for Threadripper2\n (FATE#327735).\n\n - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).\n\n - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega\n graphics (FATE#327735).\n\n - hwmon: (k10temp) Add support for family 17h\n (FATE#327735).\n\n - hwmon: (k10temp) Add support for Stoney Ridge and\n Bristol Ridge CPUs (FATE#327735).\n\n - hwmon: (k10temp) Add support for temperature offsets\n (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 1900X\n (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 2700X\n (FATE#327735).\n\n - hwmon: (k10temp) Correct model name for Ryzen 1600X\n (FATE#327735).\n\n - hwmon: (k10temp) Display both Tctl and Tdie\n (FATE#327735).\n\n - hwmon: (k10temp) Fix reading critical temperature\n register (FATE#327735).\n\n - hwmon: (k10temp) Make function get_raw_temp static\n (FATE#327735).\n\n - hwmon: (k10temp) Move chip specific code into probe\n function (FATE#327735).\n\n - hwmon: (k10temp) Only apply temperature offset if result\n is positive (FATE#327735).\n\n - hwmon: (k10temp) Support all Family 15h Model 6xh and\n Model 7xh processors (FATE#327735).\n\n - hwmon: k10temp: Support Threadripper 2920X, 2970WX;\n simplify offset table (FATE#327735).\n\n - hwmon: (k10temp) Use API function to access System\n Management Network (FATE#327735).\n\n - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs\n (FATE#327735).\n\n - i2c: acorn: fix i2c warning (bsc#1135642).\n\n - i2c: mlxcpld: Add support for extended transaction\n length for i2c-mlxcpld (bsc#1112374).\n\n - i2c: mlxcpld: Add support for smbus block read\n transaction (bsc#1112374).\n\n - i2c: mlxcpld: Allow configurable adapter id for mlxcpld\n (bsc#1112374).\n\n - i2c: mlxcpld: Fix adapter functionality support callback\n (bsc#1112374).\n\n - i2c: mlxcpld: Fix wrong initialization order in probe\n (bsc#1112374).\n\n - i2c: mux: mlxcpld: simplify code to reach the adapter\n (bsc#1112374).\n\n - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).\n\n - IB/hfi1: Clear the IOWAIT pending bits when QP is put\n into error state (bsc#1114685 FATE#325854).\n\n - IB/hfi1: Create inline to get extended headers\n (bsc#1114685 FATE#325854).\n\n - IB/hfi1: Validate fault injection opcode user input\n (bsc#1114685 FATE#325854).\n\n - IB/mlx5: Verify DEVX general object type correctly\n (bsc#1103991 FATE#326007).\n\n - ibmveth: Update ethtool settings to reflect virtual\n properties (bsc#1136157, LTC#177197).\n\n - input: synaptics - enable SMBus on ThinkPad E480 and\n E580 (bsc#1051510).\n\n - input: uinput - add compat ioctl number translation for\n UI_*_FF_UPLOAD (bsc#1051510).\n\n - iommu/amd: Make iommu_disable safer (bsc#1140955).\n\n - iommu/arm-smmu: Add support for qcom,smmu-v2 variant\n (bsc#1051510).\n\n - iommu/arm-smmu: Avoid constant zero in TLBI writes\n (bsc#1140956).\n\n - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes\n (bsc#1111666).\n\n - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer\n register (bsc#1051510).\n\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons\n pointer (bsc#1051510).\n\n - iommu: Fix a leak in iommu_insert_resv_region\n (bsc#1140957).\n\n - iommu: Use right function to get group for device\n (bsc#1140958).\n\n - iommu/vt-d: Duplicate iommu_resv_region objects per\n device list (bsc#1140959).\n\n - iommu/vt-d: Handle PCI bridge RMRR device scopes in\n intel_iommu_get_resv_regions (bsc#1140960).\n\n - iommu/vt-d: Handle RMRR with PCI bridge device scopes\n (bsc#1140961).\n\n - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper\n (bsc#1140962).\n\n - iommu/vt-d: Remove unnecessary rcu_read_locks\n (bsc#1140964).\n\n - iov_iter: Fix build error without CONFIG_CRYPTO\n (bsc#1111666).\n\n - ipv6: fib: Do not assume only nodes hold a reference on\n routes (bsc#1138732).\n\n - irqchip/gic-v3-its: fix some definitions of inner\n cacheability attributes (bsc#1051510).\n\n - irqchip/mbigen: Do not clear eventid when freeing an MSI\n (bsc#1051510).\n\n - ixgbe: Avoid NULL pointer dereference with VF on\n non-IPsec hw (bsc#1140228).\n\n - kabi fixup blk_mq_register_dev() (bsc#1140637).\n\n - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803\n FATE#327056).\n\n - kabi workaround for asus-wmi changes (bsc#1051510).\n\n - kabi: x86/topology: Add CPUID.1F multi-die/package\n support (jsc#SLE-5454).\n\n - kabi: x86/topology: Define topology_logical_die_id()\n (jsc#SLE-5454).\n\n - kvm: svm/avic: fix off-by-one in checking host APIC ID\n (bsc#1140971).\n\n - kvm: x86: fix return value for reserved EFER\n (bsc#1140992).\n\n - kvm: x86: Include CPUID leaf 0x8000001e in kvm's\n supported CPUID (bsc#1114279).\n\n - kvm: x86: Include multiple indices with CPUID leaf\n 0x8000001d (bsc#1114279).\n\n - kvm: x86: Skip EFER vs. guest CPUID checks for\n host-initiated writes (bsc#1140972).\n\n - libata: Extend quirks for the ST1000LM024 drives with\n NOLPM quirk (bsc#1051510).\n\n - libceph: assign cookies in linger_submit()\n (bsc#1135897).\n\n - libceph: check reply num_data_items in\n setup_request_data() (bsc#1135897).\n\n - libceph: do not consume a ref on pagelist in\n ceph_msg_data_add_pagelist() (bsc#1135897).\n\n - libceph: enable fallback to ceph_msg_new() in\n ceph_msgpool_get() (bsc#1135897).\n\n - libceph: introduce alloc_watch_request() (bsc#1135897).\n\n - libceph: introduce ceph_pagelist_alloc() (bsc#1135897).\n\n - libceph: preallocate message data items (bsc#1135897).\n\n - libceph, rbd: add error handling for\n osd_req_op_cls_init() (bsc#1135897). This feature was\n requested for SLE15 but aws reverted in packaging and\n master.\n\n - libceph, rbd, ceph: move ceph_osdc_alloc_messages()\n calls (bsc#1135897).\n\n - libnvdimm/bus: Prevent duplicate device_unregister()\n calls (bsc#1139865).\n\n - libnvdimm, pfn: Fix over-trim in trim_pfn_device()\n (bsc#1140719).\n\n - mac80211: Do not use stack memory with scatterlist for\n GMAC (bsc#1051510).\n\n - mac80211: drop robust management frames from unknown TA\n (bsc#1051510).\n\n - mac80211: handle deauthentication/disassociation from\n TDLS peer (bsc#1051510).\n\n - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).\n\n - mfd: hi655x: Fix regmap area declared size for hi655x\n (bsc#1051510).\n\n - mISDN: make sure device name is NUL terminated\n (bsc#1051510).\n\n - mlxsw: core: Add API for QSFP module temperature\n thresholds reading (bsc#1112374).\n\n - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD\n workqueue (bsc#1112374).\n\n - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context\n warning (bsc#1112374).\n\n - mlxsw: core: Move ethtool module callbacks to a common\n location (bsc#1112374).\n\n - mlxsw: core: Prevent reading unsupported slave address\n from SFP EEPROM (bsc#1112374).\n\n - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374).\n\n - mlxsw: reg: Add Management Temperature Bulk Register\n (bsc#1112374).\n\n - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374).\n\n - mlxsw: spectrum: Move QSFP EEPROM definitions to common\n location (bsc#1112374).\n\n - mlxsw: spectrum: Put MC TCs into DWRR mode\n (bsc#1112374).\n\n - mmc: core: complete HS400 before checking status\n (bsc#1111666).\n\n - mmc: core: Prevent processing SDIO IRQs when the card is\n suspended (bsc#1051510).\n\n - mm/devm_memremap_pages: introduce devm_memunmap_pages\n (bsc#1103992 FATE#326009).\n\n - mm: fix race on soft-offlining free huge pages\n (bsc#1139712). \n\n - mm: hugetlb: delete dequeue_hwpoisoned_huge_page()\n (bsc#1139712). \n\n - mm: hugetlb: prevent reuse of hwpoisoned free hugepages\n (bsc#1139712). \n\n - mm: hugetlb: soft-offline: dissolve_free_huge_page()\n return zero on !PageHuge (bsc#bsc#1139712). \n\n - mm: hugetlb: soft-offline: dissolve source hugepage\n after successful migration (bsc#1139712). \n\n - mm: hugetlb: soft_offline: save compound page order\n before page migration (bsc#1139712) \n\n - mm: hwpoison: change PageHWPoison behavior on hugetlb\n pages (bsc#1139712). \n\n - mm: hwpoison: dissolve in-use hugepage in unrecoverable\n memory error (bsc#1139712). \n\n - mm: hwpoison: introduce idenfity_page_state\n (bsc#1139712). \n\n - mm: hwpoison: introduce memory_failure_hugetlb()\n (bsc#1139712). \n\n - mm/page_alloc.c: avoid potential NULL pointer\n dereference (git fixes (mm/pagealloc)).\n\n - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag\n (git fixes (mm/pagealloc)).\n\n - mm: soft-offline: close the race against page allocation\n (bsc#1139712). \n\n - mm: soft-offline: dissolve free hugepage if\n soft-offlined (bsc#1139712). \n\n - mm: soft-offline: return -EBUSY if\n set_hwpoison_free_buddy_page() fails (bsc#1139712). \n\n - mm/vmscan.c: prevent useless kswapd loops (git fixes\n (mm/vmscan)).\n\n - module: Fix livepatch/ftrace module text permissions\n race (bsc#1071995 fate#323487).\n\n - net: core: support XDP generic on stacked devices\n (bsc#1109837).\n\n - net: do not clear sock->sk early to avoid trouble in\n strparser (bsc#1103990 FATE#326006).\n\n - net: ena: add ethtool function for changing io queue\n sizes (bsc#1138879).\n\n - net: ena: add good checksum counter (bsc#1138879).\n\n - net: ena: add handling of llq max tx burst size\n (bsc#1138879).\n\n - net: ena: add MAX_QUEUES_EXT get feature admin command\n (bsc#1138879).\n\n - net: ena: add newline at the end of pr_err prints\n (bsc#1138879).\n\n - net: ena: add support for changing max_header_size in\n LLQ mode (bsc#1138879).\n\n - net: ena: allow automatic fallback to polling mode\n (bsc#1138879).\n\n - net: ena: allow queue allocation backoff when low on\n memory (bsc#1138879).\n\n - net: ena: arrange ena_probe() function variables in\n reverse christmas tree (bsc#1138879).\n\n - net: ena: enable negotiating larger Rx ring size\n (bsc#1138879).\n\n - net: ena: ethtool: add extra properties retrieval via\n get_priv_flags (bsc#1138879).\n\n - net: ena: Fix bug where ring allocation backoff stopped\n too late (bsc#1138879).\n\n - net: ena: fix ena_com_fill_hash_function()\n implementation (bsc#1138879).\n\n - net: ena: fix: Free napi resources when ena_up() fails\n (bsc#1138879).\n\n - net: ena: fix incorrect test of supported hash function\n (bsc#1138879).\n\n - net: ena: fix: set freed objects to NULL to avoid\n failing future allocations (bsc#1138879).\n\n - net: ena: fix swapped param
(RHSA-2019:3309) Important: kernel-rt security and bug fix update
