The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)
* kernel: TLB flush happens too late on mremap (CVE-2018-18281)
* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1779367)
{"nessus": [{"lastseen": "2023-05-18T14:55:28", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0100 advisory.\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel-rt (RHSA-2020:0100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281", "CVE-2018-20856", "CVE-2019-11599"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel"], "id": "REDHAT-RHSA-2020-0100.NASL", "href": "https://www.tenable.com/plugins/nessus/132947", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0100. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132947);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2018-18281\", \"CVE-2018-20856\", \"CVE-2019-11599\");\n script_xref(name:\"RHSA\", value:\"2020:0100\");\n\n script_name(english:\"RHEL 6 : kernel-rt (RHSA-2020:0100)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0100 advisory.\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20856\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 362, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-18281', 'CVE-2018-20856', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0100');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-doc-3.10.0-693.62.1.rt56.659.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-firmware-3.10.0-693.62.1.rt56.659.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / kernel-rt-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:16:54", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0103 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-18281", "CVE-2018-20856", "CVE-2019-11599", "CVE-2019-6974"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/132886", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0103. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132886);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-10853\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-6974\",\n \"CVE-2019-11599\"\n );\n script_bugtraq_id(105761, 107127, 108113);\n script_xref(name:\"RHSA\", value:\"2020:0103\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0103)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0103 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-6974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1671913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 250, 362, 416, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-10853', 'CVE-2018-18281', 'CVE-2018-20856', 'CVE-2019-6974', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0103');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.62.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:16:01", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0179 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-18281", "CVE-2019-11599"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0179.NASL", "href": "https://www.tenable.com/plugins/nessus/133164", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0179. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133164);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-18281\", \"CVE-2019-11599\");\n script_bugtraq_id(105761, 108113);\n script_xref(name:\"RHSA\", value:\"2020:0179\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0179)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0179 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(250, 362, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-10853', 'CVE-2018-18281', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0179');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.43.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:17:37", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0698 advisory.\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2020:0698)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_3", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_41_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_43_1"], "id": "REDHAT-RHSA-2020-0698.NASL", "href": "https://www.tenable.com/plugins/nessus/134265", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0698. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134265);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2018-20856\");\n script_xref(name:\"RHSA\", value:\"2020:0698\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2020:0698)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:0698 advisory.\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20856\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_41_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_43_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-957.35.1.el7.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_35_1-1-6.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.35.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_35_1-1-6.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.35.2.el7.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_35_2-1-5.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.35.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_35_2-1-5.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.38.1.el7.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_38_1-1-4.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.38.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_38_1-1-4.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.38.2.el7.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_38_2-1-3.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.38.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_38_2-1-3.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.38.3.el7.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_38_3-1-3.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.38.3.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_38_3-1-3.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.41.1.el7.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_41_1-1-1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.41.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_41_1-1-1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.43.1.el7.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_43_1-1-1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.43.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_43_1-1-1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-957_35_1 / kpatch-patch-3_10_0-957_35_2 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:43:02", "description": "The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322 Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n\n - Input: xpad - fix some coding style issues (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2 (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move() (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel() (git-fixes).\n\n - autofs: mount point create should honour passed in mode (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock (networking-stable-18_10_16).\n\n - bonding: fix length of actor system (networking-stable-18_11_02).\n\n - bonding: fix warning message (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n\n - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).\n\n - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).\n\n - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).\n\n - fscache: fix race between enablement and dropping of object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger (bsc#1051510).\n\n - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n\n - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n\n - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n\n - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n\n - nfsd: check for use of the closed special stateid (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n\n - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).\n\n - rds: fix two RCU related problems (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches\n\n - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path (bsc#1114584).\n\n - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n\n - scsi: target: tcmu: add read length support (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver() (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n\n - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs ().\n\n - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).", "cvss3": {}, "published": "2018-12-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-1548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1548.NASL", "href": "https://www.tenable.com/plugins/nessus/119708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1548.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119708);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-1548)\");\n script_summary(english:\"Check for the openSUSE-2018-1548 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB\n flushes after dropping pagetable locks. If a syscall\n such as ftruncate() removes entries from the pagetables\n of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to\n a physical page after it has been released back to the\n page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail\n DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list\n (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table\n uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types\n (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain()\n uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control\n write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio\n pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a\n user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of\n iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper\n (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre\n x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp\n detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record\n (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly\n (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling\n (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI\n MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for\n lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save\n blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations\n (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell\n WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on\n sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail\n (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE\n to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards\n using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal\n (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth\n (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes\n mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using\n no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow\n (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block\n (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free\n extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches\n (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after\n deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write\n path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction\n (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space\n (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a\n tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got\n its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename\n dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not\n vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in\n thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers\n (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is\n complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322\n Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or\n elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad\n 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable\n when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series\n gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities\n (bsc#1051510).\n\n - Input: xpad - fix some coding style issues\n (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted\n requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from\n genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change\n (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move\n vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real\n mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit\n path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG\n interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same\n core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs\n on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse\n during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs\n virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR\n value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate\n function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to\n determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag\n for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer\n register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of\n kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or\n 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with\n POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in\n radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in\n HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real\n mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in\n kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger\n HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt\n masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie\n sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU\n ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler\n optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under\n kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table\n entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to\n Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR\n count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest\n entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and\n change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the\n radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts\n on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE\n when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition\n scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for\n kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move\n kvmppc_save_tm/kvmppc_restore_tm to separate file\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX\n instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages\n with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64\n parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with\n some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated\n TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE\n (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage\n issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian\n (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in\n kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show()\n (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit\n (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1\n (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to\n nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place\n (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING\n hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2\n (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete\n (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req\n (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially\n (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback\n (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock\n (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on\n NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests\n (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when\n aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables\n MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt'\n quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up\n check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support\n (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges\n (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus\n (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers\n (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH\n (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and\n svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display\n (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA\n is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens\n (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag\n (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test\n (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection\n (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move()\n (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine\n checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before\n using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free\n (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address\n Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world\n switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from\n userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from\n userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times\n out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type\n (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel()\n (git-fixes).\n\n - autofs: mount point create should honour passed in mode\n (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if\n badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full\n packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets\n (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro\n (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro\n (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs\n (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll\n (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails\n (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock\n (networking-stable-18_10_16).\n\n - bonding: fix length of actor system\n (networking-stable-18_11_02).\n\n - bonding: fix warning message\n (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also\n (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper\n (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar\n (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating\n map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth\n (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels\n (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz\n bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives\n query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups\n (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS\n (bsc#1116863).\n\n - cachefiles: fix the race between\n cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel\n if can_priv::echo_skb is accessed out of bounds\n (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if\n trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame\n by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending\n code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt\n (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in\n raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb()\n and can_rx_offload_queue_sorted() functions\n (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state\n notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb\n unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate\n (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check\n (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result\n channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint()\n (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate()\n (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk\n (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in\n rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match\n (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT\n node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for\n suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown\n quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped\n skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely\n (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding\n prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in\n amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading\n driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred\n (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes\n (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction,\n just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion\n 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into\n context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N\n values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe\n audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port\n (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes\n (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite\n (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are\n gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3\n (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config\n (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in\n meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0\n (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver\n (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on\n reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing\n requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error\n path (bsc#1117795).\n\n - ext4: add missing brelse() in\n set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path\n (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior\n errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in\n ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in\n setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error\n path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on\n error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array()\n fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of\n ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error\n path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in\n error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl\n (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error\n path (bsc#1117791).\n\n - ext4: initialize retries variable in\n ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in\n EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in\n ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table\n (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0()\n (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments\n (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at\n take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent\n (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq\n (git-fixes).\n\n - fscache: fix race between enablement and dropping of\n object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify()\n (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in\n stack_tracer_{en,dis}able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph\n (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field\n (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection\n (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on\n gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook\n (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network\n header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI\n (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe()\n (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations\n (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation\n (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection\n (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend\n (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission\n (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440,\n bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in\n iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger\n (bsc#1051510).\n\n - ima: fix showing large 'violations' or\n 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an\n unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using\n ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are\n visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free\n (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in\n prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout\n (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6\n tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked\n (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU\n net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in\n SYN-RECV and TIME-WAIT state\n (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol\n error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit()\n (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check\n (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc()\n (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE\n (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware\n (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM\n (bsc#1051510).\n\n - iwlwifi: mvm: check return value of\n rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not\n used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the\n firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older\n firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal\n symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM\n fixes remove exports of realmode_pfn_to_page\n iommu_tce_xchg_rm mm_iommu_lookup_rm\n mm_iommu_ua_to_hpa_rm. Some are no longer used and\n others are no longer exported because the code was\n consolideted in one place. These helpers are to be\n called in realmode and linking to them from non-KVM\n modules is a bug. Hence removing them does not break\n KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC)\n conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic\n (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer\n (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive\n regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling\n async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket()\n (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal\n interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment\n (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s\n (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first\n added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines\n (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator\n registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq,\n unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery\n after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast\n device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after\n originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in\n remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages\n (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak\n (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children\n (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration\n (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly\n (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug\n (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev\n 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED\n mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked\n mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is\n received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb()\n (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags\n (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit\n error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in\n SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset\n (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of\n /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in\n in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface\n (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating\n switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting\n vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove\n flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow\n (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page\n fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs\n (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules\n (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso\n (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op\n (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data\n path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx\n (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames\n (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5\n (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy\n (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast\n queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume\n (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering\n (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696\n bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel\n memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec\n (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696\n bsc#1117561).\n\n - net: ena: explicit casting and initialization, and\n clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi\n initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696\n bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture\n (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from\n hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better\n readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is\n followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap\n (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures\n according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid\n latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove redundant parameter in\n ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696\n bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report\n skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not\n available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on\n (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state\n (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps\n (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time\n (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for\n tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition\n (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep\n GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers\n (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump\n (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL\n (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module\n (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to\n gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range\n (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug\n (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building\n stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path\n (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during\n resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets\n (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get\n (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device\n (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if\n there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files\n (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid\n for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid\n operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE\n (git-fixes).\n\n - nfsd: check for use of the closed special stateid\n (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately\n (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound\n (git-fixes).\n\n - nfsd: fix potential use-after-free in\n nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in\n nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds\n (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT\n (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing\n ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and\n dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed\n (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing\n the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation\n (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in\n nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero\n in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269\n Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching\n root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh\n bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in\n atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting\n (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of\n pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be\n compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be\n compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs\n (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31\n v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure\n (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've\n processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data\n retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs\n before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper\n (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break\n (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom\n allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers\n (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte()\n (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for\n power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on\n demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max\n window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size\n check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in\n concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb\n (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()\n (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of\n pnv_npu2_init_contex() callback parameters\n (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of\n flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge\n enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace\n (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors\n (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with\n npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with\n interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own\n file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation\n (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology\n update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration\n (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries\n (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump\n (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header\n (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to\n command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the\n driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06\n (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared\n device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load\n (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change\n (git-fixes).\n\n - rds: fix two RCU related problems\n (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks\n (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference\n (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces\n (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into\n kernel-*-devel Starting with 4.20-rc1, file\n arch/*/kernel/macros.s is needed to build out of tree\n modules. Add it to kernel-${flavor}-devel packages if it\n exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM\n patches\n\n - rpm: use syncconfig instead of silentoldconfig where\n available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig'\n can be no longer used. Use 'make syncconfig' instead if\n available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet\n device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header\n (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to\n 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer\n entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501,\n LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in\n gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback\n (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501,\n LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation\n (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501,\n LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an\n ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info\n (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415,\n bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415,\n bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup\n (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of\n reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git\n 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs\n triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue()\n (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log\n (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on\n if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking\n adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port\n address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path\n (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds\n diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN\n (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by\n ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check\n (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in\n point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to\n support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io\n and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size'\n (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing\n infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport\n (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs\n (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link\n bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg\n resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8\n (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in\n 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation\n (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path\n (bsc#1114584).\n\n - scsi: sysfs: Introduce\n sysfs_{un,}break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn\n about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception\n (bsc#1114576).\n\n - scsi: target: tcmu: add read length support\n (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc\n (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event\n (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in\n sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt\n (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending\n addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non\n existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint\n (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of\n error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat\n VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist\n (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in\n core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception\n (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered\n (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and\n flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary\n data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit()\n (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect\n (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution\n (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self\n tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver\n (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests\n (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test\n result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on\n (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests\n (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random()\n (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND\n to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to\n tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in\n tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0\n generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail\n (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc\n (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest()\n (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read()\n (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write\n (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending\n (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver()\n (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via\n rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets\n (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing\n (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting\n (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices\n (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static\n (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem\n (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost\n (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right\n away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN\n transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero\n chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned\n transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration\n (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC\n (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional\n gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX\n RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0\n (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison\n overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending\n (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for\n overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes\n (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for\n serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal\n (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation\n (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the\n Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in\n memory_corruption_check() when boot option without value\n is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock()\n (bsc#1114279).\n\n - x86/irq: implement\n irq_data_get_effective_affinity_mask() for v4.12\n (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error\n (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT\n pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all()\n (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs\n ().\n\n - x86/xen: Fix boot loader version reported for PVH guests\n (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check\n physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on\n device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags\n (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices\n (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any\n device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS\n devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal\n (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/325723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:21:02", "description": "The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322 Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n\n - Input: xpad - fix some coding style issues (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2 (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move() (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel() (git-fixes).\n\n - autofs: mount point create should honour passed in mode (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock (networking-stable-18_10_16).\n\n - bonding: fix length of actor system (networking-stable-18_11_02).\n\n - bonding: fix warning message (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n\n - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).\n\n - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).\n\n - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).\n\n - fscache: fix race between enablement and dropping of object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in stack_tracer_(en,dis)able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger (bsc#1051510).\n\n - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n\n - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n\n - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n\n - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n\n - nfsd: check for use of the closed special stateid (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n\n - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).\n\n - rds: fix two RCU related problems (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-$(flavor)-devel packages if it exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches\n\n - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path (bsc#1114584).\n\n - scsi: sysfs: Introduce sysfs_(un,)break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n\n - scsi: target: tcmu: add read length support (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver() (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n\n - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs ().\n\n - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-974)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-974.NASL", "href": "https://www.tenable.com/plugins/nessus/123397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-974.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123397);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-974)\");\n script_summary(english:\"Check for the openSUSE-2019-974 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB\n flushes after dropping pagetable locks. If a syscall\n such as ftruncate() removes entries from the pagetables\n of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to\n a physical page after it has been released back to the\n page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail\n DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list\n (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table\n uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types\n (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain()\n uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control\n write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio\n pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a\n user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of\n iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper\n (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre\n x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp\n detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record\n (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly\n (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling\n (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI\n MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for\n lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save\n blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations\n (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell\n WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on\n sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail\n (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE\n to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards\n using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal\n (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth\n (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes\n mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using\n no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow\n (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block\n (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free\n extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches\n (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after\n deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write\n path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction\n (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space\n (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a\n tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got\n its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename\n dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not\n vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in\n thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers\n (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is\n complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322\n Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or\n elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad\n 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable\n when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series\n gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities\n (bsc#1051510).\n\n - Input: xpad - fix some coding style issues\n (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted\n requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from\n genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change\n (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move\n vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real\n mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit\n path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG\n interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same\n core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs\n on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse\n during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs\n virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR\n value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate\n function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to\n determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag\n for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer\n register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of\n kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or\n 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with\n POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in\n radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in\n HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real\n mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in\n kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger\n HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt\n masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie\n sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU\n ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler\n optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under\n kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table\n entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to\n Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR\n count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest\n entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and\n change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the\n radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts\n on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE\n when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition\n scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for\n kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move\n kvmppc_save_tm/kvmppc_restore_tm to separate file\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX\n instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages\n with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64\n parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with\n some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated\n TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE\n (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage\n issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian\n (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in\n kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show()\n (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit\n (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1\n (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to\n nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place\n (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING\n hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2\n (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete\n (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req\n (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially\n (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback\n (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock\n (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on\n NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests\n (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when\n aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables\n MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt'\n quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up\n check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support\n (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges\n (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus\n (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers\n (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH\n (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and\n svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display\n (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA\n is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens\n (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag\n (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test\n (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection\n (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move()\n (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine\n checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before\n using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free\n (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address\n Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world\n switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from\n userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from\n userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times\n out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type\n (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel()\n (git-fixes).\n\n - autofs: mount point create should honour passed in mode\n (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if\n badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full\n packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets\n (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro\n (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro\n (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs\n (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll\n (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails\n (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock\n (networking-stable-18_10_16).\n\n - bonding: fix length of actor system\n (networking-stable-18_11_02).\n\n - bonding: fix warning message\n (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also\n (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper\n (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar\n (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating\n map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth\n (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels\n (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz\n bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives\n query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups\n (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS\n (bsc#1116863).\n\n - cachefiles: fix the race between\n cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel\n if can_priv::echo_skb is accessed out of bounds\n (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if\n trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame\n by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending\n code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt\n (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in\n raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb()\n and can_rx_offload_queue_sorted() functions\n (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state\n notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb\n unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate\n (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check\n (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result\n channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint()\n (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate()\n (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk\n (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in\n rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match\n (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT\n node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for\n suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown\n quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped\n skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely\n (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding\n prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in\n amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading\n driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred\n (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes\n (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction,\n just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion\n 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into\n context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N\n values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe\n audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port\n (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes\n (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite\n (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are\n gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3\n (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config\n (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in\n meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0\n (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver\n (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on\n reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing\n requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error\n path (bsc#1117795).\n\n - ext4: add missing brelse() in\n set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path\n (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior\n errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in\n ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in\n setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error\n path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on\n error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array()\n fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of\n ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error\n path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in\n error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl\n (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error\n path (bsc#1117791).\n\n - ext4: initialize retries variable in\n ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in\n EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in\n ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table\n (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0()\n (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments\n (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at\n take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent\n (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq\n (git-fixes).\n\n - fscache: fix race between enablement and dropping of\n object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify()\n (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in\n stack_tracer_(en,dis)able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph\n (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field\n (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection\n (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on\n gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook\n (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network\n header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI\n (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe()\n (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations\n (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation\n (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection\n (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend\n (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission\n (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440,\n bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in\n iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger\n (bsc#1051510).\n\n - ima: fix showing large 'violations' or\n 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an\n unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using\n ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are\n visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free\n (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in\n prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout\n (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6\n tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked\n (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU\n net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in\n SYN-RECV and TIME-WAIT state\n (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol\n error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit()\n (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check\n (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc()\n (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE\n (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware\n (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM\n (bsc#1051510).\n\n - iwlwifi: mvm: check return value of\n rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not\n used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the\n firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older\n firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal\n symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM\n fixes remove exports of realmode_pfn_to_page\n iommu_tce_xchg_rm mm_iommu_lookup_rm\n mm_iommu_ua_to_hpa_rm. Some are no longer used and\n others are no longer exported because the code was\n consolideted in one place. These helpers are to be\n called in realmode and linking to them from non-KVM\n modules is a bug. Hence removing them does not break\n KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC)\n conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic\n (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer\n (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive\n regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling\n async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket()\n (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal\n interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment\n (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s\n (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first\n added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines\n (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator\n registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq,\n unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery\n after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast\n device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after\n originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in\n remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages\n (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak\n (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children\n (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration\n (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly\n (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug\n (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev\n 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED\n mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked\n mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is\n received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb()\n (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags\n (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit\n error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in\n SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset\n (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of\n /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in\n in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface\n (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating\n switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting\n vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove\n flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow\n (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page\n fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs\n (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules\n (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso\n (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op\n (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data\n path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx\n (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames\n (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5\n (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy\n (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast\n queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume\n (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering\n (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696\n bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel\n memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec\n (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696\n bsc#1117561).\n\n - net: ena: explicit casting and initialization, and\n clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi\n initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696\n bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture\n (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from\n hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better\n readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is\n followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap\n (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures\n according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid\n latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove redundant parameter in\n ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696\n bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report\n skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not\n available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on\n (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state\n (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps\n (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time\n (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for\n tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition\n (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep\n GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers\n (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump\n (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL\n (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module\n (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to\n gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range\n (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug\n (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building\n stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path\n (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during\n resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets\n (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get\n (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device\n (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if\n there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files\n (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid\n for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid\n operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE\n (git-fixes).\n\n - nfsd: check for use of the closed special stateid\n (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately\n (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound\n (git-fixes).\n\n - nfsd: fix potential use-after-free in\n nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in\n nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds\n (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT\n (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing\n ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and\n dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed\n (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing\n the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation\n (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in\n nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero\n in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269\n Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching\n root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh\n bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in\n atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting\n (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of\n pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be\n compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be\n compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs\n (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31\n v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure\n (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've\n processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data\n retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs\n before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper\n (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break\n (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom\n allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers\n (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte()\n (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for\n power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on\n demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max\n window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size\n check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in\n concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb\n (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()\n (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of\n pnv_npu2_init_contex() callback parameters\n (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of\n flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge\n enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace\n (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors\n (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with\n npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with\n interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own\n file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation\n (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology\n update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration\n (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries\n (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump\n (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header\n (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to\n command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the\n driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06\n (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared\n device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load\n (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change\n (git-fixes).\n\n - rds: fix two RCU related problems\n (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks\n (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference\n (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces\n (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into\n kernel-*-devel Starting with 4.20-rc1, file\n arch/*/kernel/macros.s is needed to build out of tree\n modules. Add it to kernel-$(flavor)-devel packages if it\n exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM\n patches\n\n - rpm: use syncconfig instead of silentoldconfig where\n available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig'\n can be no longer used. Use 'make syncconfig' instead if\n available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet\n device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header\n (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to\n 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer\n entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501,\n LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in\n gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback\n (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501,\n LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation\n (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501,\n LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an\n ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info\n (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415,\n bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415,\n bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup\n (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of\n reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git\n 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs\n triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue()\n (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log\n (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on\n if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking\n adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port\n address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path\n (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds\n diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN\n (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by\n ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check\n (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in\n point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to\n support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io\n and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size'\n (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing\n infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport\n (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs\n (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link\n bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg\n resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8\n (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in\n 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation\n (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path\n (bsc#1114584).\n\n - scsi: sysfs: Introduce\n sysfs_(un,)break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn\n about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception\n (bsc#1114576).\n\n - scsi: target: tcmu: add read length support\n (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc\n (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event\n (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in\n sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt\n (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending\n addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non\n existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint\n (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of\n error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat\n VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist\n (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in\n core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception\n (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered\n (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and\n flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary\n data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit()\n (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect\n (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution\n (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self\n tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver\n (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests\n (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test\n result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on\n (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests\n (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random()\n (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND\n to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to\n tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in\n tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0\n generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail\n (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc\n (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest()\n (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read()\n (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write\n (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending\n (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver()\n (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via\n rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets\n (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing\n (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting\n (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices\n (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static\n (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem\n (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost\n (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right\n away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN\n transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero\n chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned\n transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration\n (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC\n (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional\n gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX\n RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0\n (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison\n overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending\n (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for\n overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes\n (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for\n serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal\n (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation\n (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the\n Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in\n memory_corruption_check() when boot option without value\n is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock()\n (bsc#1114279).\n\n - x86/irq: implement\n irq_data_get_effective_affinity_mask() for v4.12\n (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error\n (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT\n pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all()\n (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs\n ().\n\n - x86/xen: Fix boot loader version reported for PVH guests\n (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check\n physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on\n device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags\n (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices\n (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any\n device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS\n devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal\n (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/325723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:42", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 14.1.5 / 15.1.5.1 / 15.1.6 / 16.1.2.2 / 16.1.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K36462841 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K36462841)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL36462841.NASL", "href": "https://www.tenable.com/plugins/nessus/162943", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K36462841.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162943);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K36462841)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 14.1.5 / 15.1.5.1 /\n15.1.6 / 16.1.2.2 / 16.1.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K36462841\nadvisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of\n mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it\n has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.f5.com/csp/article/K36462841\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K36462841.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nvar sol = 'K36462841';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'APM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'ASM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'GTM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'LTM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'PEM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'PSM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'WOM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:43", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2019-1.0-0235", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599"], "modified": "2019-05-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0235_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/125401", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0235. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125401);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/05/30 11:03:54\");\n\n script_cve_id(\"CVE-2019-11599\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2019-1.0-0235\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-235.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.178-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.178-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T15:30:17", "description": "The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.\n(CVE-2019-11599)\n\nImpact\n\nA locally authenticated attacker can discover sensitive information, cause a denial of service (DoS), or impact the system in another way by triggering a race condition with the vulnerable component.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K51674118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599"], "modified": "2021-09-23T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL51674118.NASL", "href": "https://www.tenable.com/plugins/nessus/150465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K51674118.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150465);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/23\");\n\n script_cve_id(\"CVE-2019-11599\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K51674118)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The coredump implementation in the Linux kernel before 5.0.10 does not\nuse locking or other mechanisms to prevent vma layout or vma flags\nchanges while it runs, which allows local users to obtain sensitive\ninformation, cause a denial of service, or possibly have unspecified\nother impact by triggering a race condition with mmget_not_zero or\nget_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,\nfs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.\n(CVE-2019-11599)\n\nImpact\n\nA locally authenticated attacker can discover sensitive information,\ncause a denial of service (DoS), or impact the system in another way\nby triggering a race condition with the vulnerable component.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K51674118\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K51674118.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K51674118\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"16.0.0-16.0.1\",\"15.0.0-15.1.3\",\"14.0.0-14.1.4\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"16.1.0\",\"16.0.1.2\",\"15.1.4\",\"14.1.4.3\",\"13.1.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:17:38", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0543 advisory.\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-02-19T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0543)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2018-20976", "CVE-2019-11085", "CVE-2019-11599", "CVE-2019-14895", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:7.5", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0543.NASL", "href": "https://www.tenable.com/plugins/nessus/133786", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0543. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133786);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2018-20976\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-14895\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n script_bugtraq_id(108113, 108488);\n script_xref(name:\"RHSA\", value:\"2020:0543\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0543)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0543 advisory.\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege\n escalation (CVE-2019-11085)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1710405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 120, 122, 250, 362, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.5')) audit(AUDIT_OS_NOT, 'Red Hat 7.5', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-20856', 'CVE-2018-20976', 'CVE-2019-11085', 'CVE-2019-11599', 'CVE-2019-14895', 'CVE-2019-17133', 'CVE-2019-17666');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0543');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/eus/rhel/computenode/7/7.5/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.5/x86_64/os',\n 'content/eus/rhel/computenode/7/7.5/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/os',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/os',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-862.48.1.el7', 'sp':'5', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.48.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:53", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] Use-after-free in __blk_drain_queue() function. It was found that a use-after-free condition could be triggered in the block device subsystem while the outstanding command queue was drained. A patient local attacker can use this flaw to crash the system or, potentially, to escalate their privileges.\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] tun: potential kernel crash when TUNSETIFF ioctl operation is used for a device with an invalid name.\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] Certain operations with iptables in a container may crash the kernel.\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] A container that tries to mount NFS shares may cause the whole system to hang in certain conditions.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2018-7191"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-081.NASL", "href": "https://www.tenable.com/plugins/nessus/133461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133461);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2018-7191\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-081)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21]\n Use-after-free in __blk_drain_queue() function. It was\n found that a use-after-free condition could be\n triggered in the block device subsystem while the\n outstanding command queue was drained. A patient local\n attacker can use this flaw to crash the system or,\n potentially, to escalate their privileges.\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21]\n tun: potential kernel crash when TUNSETIFF ioctl\n operation is used for a device with an invalid name.\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21]\n Certain operations with iptables in a container may\n crash the kernel.\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21]\n A container that tries to mount NFS shares may cause\n the whole system to hang in certain conditions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1716328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1738705\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c15051e\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fddf855e\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7ce08c9\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c250910\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72420f9b\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9693c7fe\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df030fea\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4271804e\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-89.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0eb04cb\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20856\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.46.7\",\n \"patch\",\"readykernel-patch-46.7-89.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-89.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.11.6.vz7.64.7\",\n \"patch\",\"readykernel-patch-63.3-89.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.24\",\n \"patch\",\"readykernel-patch-64.7-89.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.29\",\n \"patch\",\"readykernel-patch-73.24-89.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.9.1.vz7.63.3\",\n \"patch\",\"readykernel-patch-73.29-89.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.10.1.vz7.85.17\",\n \"patch\",\"readykernel-patch-85.17-89.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.86.2\",\n \"patch\",\"readykernel-patch-86.2-89.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.96.21\",\n \"patch\",\"readykernel-patch-96.21-89.2-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:09", "description": "An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.\n(CVE-2019-3900)\n\nA flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. (CVE-2019-11599)", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599", "CVE-2019-3900"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1232.NASL", "href": "https://www.tenable.com/plugins/nessus/126956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1232.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126956);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2019-11599\", \"CVE-2019-3900\");\n script_xref(name:\"ALAS\", value:\"2019-1232\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1232)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An infinite loop issue was found in the vhost_net kernel module while\nhandling incoming packets in handle_rx(). The infinite loop could\noccur if one end sends packets faster than the other end can process\nthem. A guest user, maybe a remote one, could use this flaw to stall\nthe vhost_net kernel thread, resulting in a DoS scenario.\n(CVE-2019-3900)\n\nA flaw was found in the Linux kernel where the coredump implementation\ndoes not use locking or other mechanisms to prevent vma layout or vma\nflags changes while it runs. This allows local users to obtain\nsensitive information, cause a denial of service (DoS), or possibly\nhave unspecified other impact by triggering a race condition with\nmmget_not_zero or get_task_mm calls. (CVE-2019-11599)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1232.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.133-113.105.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.133-113.105.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:40", "description": "An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900)\n\nA flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.(CVE-2019-11599)", "cvss3": {}, "published": "2019-07-26T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2019-1232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599", "CVE-2019-3900"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1232.NASL", "href": "https://www.tenable.com/plugins/nessus/127060", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1232.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127060);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2019-11599\", \"CVE-2019-3900\");\n script_xref(name:\"ALAS\", value:\"2019-1232\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1232)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An infinite loop issue was found in the vhost_net kernel module while\nhandling incoming packets in handle_rx(). The infinite loop could\noccur if one end sends packets faster than the other end can process\nthem. A guest user, maybe a remote one, could use this flaw to stall\nthe vhost_net kernel thread, resulting in a DoS\nscenario.(CVE-2019-3900)\n\nA flaw was found in the Linux kernel where the coredump implementation\ndoes not use locking or other mechanisms to prevent vma layout or vma\nflags changes while it runs. This allows local users to obtain\nsensitive information, cause a denial of service (DoS), or possibly\nhave unspecified other impact by triggering a race condition with\nmmget_not_zero or get_task_mm calls.(CVE-2019-11599)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1232.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.133-88.105.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.133-88.105.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:56", "description": "This update for the Linux Kernel 4.4.121-92_109 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3260-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_104-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_109-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3260-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3260-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132006);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\"CVE-2018-20856\", \"CVE-2019-10220\", \"CVE-2019-13272\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3260-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.121-92_109 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to\nan improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193260-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dcc6ea8b\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-3259=1 SUSE-SLE-SAP-12-SP2-2019-3260=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-3259=1 SUSE-SLE-SERVER-12-SP2-2019-3260=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_104-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_109-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_104-default-7-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_109-default-7-2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:25", "description": "This update for the Linux Kernel 4.4.121-92_101 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3232-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_101-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3232-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3232-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132001);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\"CVE-2018-20856\", \"CVE-2019-10220\", \"CVE-2019-13272\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3232-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.121-92_101 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to\nan improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193232-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc6ca454\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-3232=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-3232=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_101-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_101-default-7-2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:29", "description": "This update for the Linux Kernel 4.4.121-92_114 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3261-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_114-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3261-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132007", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3261-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132007);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\"CVE-2018-20856\", \"CVE-2019-10220\", \"CVE-2019-13272\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3261-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.121-92_114 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to\nan improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3\nself test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193261-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?805b93a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-3261=1 SUSE-SLE-SAP-12-SP2-2019-3262=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-3261=1 SUSE-SLE-SERVER-12-SP2-2019-3262=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_114-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_114-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_117-default-5-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:41", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2019-2.0-0160", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815"], "modified": "2019-05-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0160_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/125396", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0160. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125396);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/05/30 11:03:54\");\n\n script_cve_id(\"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11815\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2019-2.0-0160\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-160.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.173-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-tools-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.173-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.173-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T15:25:56", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-11T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0117)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11599", "CVE-2019-14898", "CVE-2019-3901"], "modified": "2020-12-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0117_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/144087", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0117. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144087);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/14\");\n\n script_cve_id(\"CVE-2019-3901\", \"CVE-2019-14898\");\n script_bugtraq_id(89937);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0117)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could\n use this flaw to obtain sensitive information, cause a denial of service, or possibly have other\n unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it\n is possible for the specified target task to perform an execve() syscall with setuid execution before\n perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check\n and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged\n execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0117\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14898\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'kernel-rt-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a'\n ],\n 'CGSL MAIN 5.05': [\n 'kernel-rt-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a',\n 'kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.12.102.gd28955a'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:29:50", "description": "Security Fix(es) :\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes :\n\n - gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n - [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)\n\n - high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n - [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows Server 2019. (BZ#1740188)\n\n - kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n - Growing unreclaimable slab memory (BZ#1741920)\n\n - [bnx2x] ping failed from pf to vf which has been attached to vm (BZ#1741926)\n\n - [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n - Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid (BZ#1744442)\n\n - RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6 address (BZ#1744443)\n\n - RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system (BZ#1744444)\n\n - NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744946)\n\n - [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748239)\n\n - NFS client autodisconnect timer may fire immediately after TCP connection setup and may cause DoS type reconnect problem in complex network environments (BZ#1749290)\n\n - [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n - Allows macvlan to operated correctly over the active-backup mode to support bonding events.\n (BZ#1751579)\n\n - [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ#1752421)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {}, "published": "2019-10-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20191016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191016_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/130078", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130078);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2018-20856\", \"CVE-2019-10126\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20191016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - kernel: Use-after-free in __blk_drain_queue() function\n in block/blk-core.c (CVE-2018-20856)\n\n - kernel: Heap overflow in mwifiex_update_bss_desc_with_ie\n function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation\n attacks (KNOB) (CVE-2019-9506)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies\n function in drivers/net/wireless/marvell/mwifiex/ie.c\n (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fixes :\n\n - gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n - [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use\n kvfree (BZ#1740178)\n\n - high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n - [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V\n guest of Windows Server 2019. (BZ#1740188)\n\n - kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n - Growing unreclaimable slab memory (BZ#1741920)\n\n - [bnx2x] ping failed from pf to vf which has been\n attached to vm (BZ#1741926)\n\n - [Hyper-V]vPCI devices cannot allocate IRQs vectors in a\n Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode)\n (BZ#1743324)\n\n - Macsec: inbound MACSEC frame is unexpectedly dropped\n with InPktsNotValid (BZ#1744442)\n\n - RHEL 7.7 Beta - Hit error when trying to run nvme\n connect with IPv6 address (BZ#1744443)\n\n - RHEL 7.6 SS4 - Paths lost when running straight I/O on\n NVMe/RoCE system (BZ#1744444)\n\n - NFSv4.0 client sending a double CLOSE (leading to EIO\n application failure) (BZ#1744946)\n\n - [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes\n 10 seconds, but the VM was unavailable for 2 hours\n (BZ#1748239)\n\n - NFS client autodisconnect timer may fire immediately\n after TCP connection setup and may cause DoS type\n reconnect problem in complex network environments\n (BZ#1749290)\n\n - [Inspur] RHEL7.6 ASPEED graphic card display issue\n (BZ#1749296)\n\n - Allows macvlan to operated correctly over the\n active-backup mode to support bonding events.\n (BZ#1751579)\n\n - [LLNL 7.5 Bug] slab leak causing a crash when using kmem\n control group (BZ#1752421)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1737373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1740178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1740180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1740188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1740192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1741920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1741926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1743324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1744442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1744443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1744444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1744946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1748239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1749290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1749296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1751579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1752421\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1910&L=SCIENTIFIC-LINUX-ERRATA&P=1567\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e7582ac\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:18", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3055 advisory.\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. (CVE-2019-9506)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. (CVE-2019-10126)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-18T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2019-3055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-3055.NASL", "href": "https://www.tenable.com/plugins/nessus/130039", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-3055.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130039);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3055\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-3055)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-3055 advisory.\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the\n mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing the key length negotiation. This allows practical\n brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the\n victim noticing. (CVE-2019-9506)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other\n consequences. (CVE-2019-10126)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-3055.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1062.4.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-3055');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.4.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:12", "description": "This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3228-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272", "CVE-2019-15239"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3228-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3228-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131999);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-10220\",\n \"CVE-2019-13272\",\n \"CVE-2019-15239\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3228-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to\nan improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could\nhave triggered multiple use-after-free conditions resulted in\nprivilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3\nself test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193228-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30bcfa67\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3228=1 SUSE-SLE-SAP-12-SP3-2019-3229=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3228=1 SUSE-SLE-SERVER-12-SP3-2019-3229=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-debuginfo-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-debuginfo-6-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:39", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570)", "cvss3": {}, "published": "2019-10-17T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2019:3089)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3089.NASL", "href": "https://www.tenable.com/plugins/nessus/129992", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3089. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129992);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3089\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:3089)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in\nmarvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20856\", \"CVE-2019-10126\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3089\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3089\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:05", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows Server 2019. (BZ#1740188)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n* Growing unreclaimable slab memory (BZ#1741920)\n\n* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ# 1741926)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n* Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid (BZ#1744442)\n\n* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6 address (BZ#1744443)\n\n* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system (BZ #1744444)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744946)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748239)\n\n* NFS client autodisconnect timer may fire immediately after TCP connection setup and may cause DoS type reconnect problem in complex network environments (BZ#1749290)\n\n* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n* Allows macvlan to operated correctly over the active-backup mode to support bonding events. (BZ#1751579)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ# 1752421)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2019:3055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-3055.NASL", "href": "https://www.tenable.com/plugins/nessus/130128", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3055 and \n# CentOS Errata and Security Advisory 2019:3055 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130128);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3055\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2019:3055)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in\nmarvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree\n(BZ#1740178)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows\nServer 2019. (BZ#1740188)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n* Growing unreclaimable slab memory (BZ#1741920)\n\n* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ#\n1741926)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM\nwith > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n* Macsec: inbound MACSEC frame is unexpectedly dropped with\nInPktsNotValid (BZ#1744442)\n\n* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6\naddress (BZ#1744443)\n\n* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE\nsystem (BZ #1744444)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application\nfailure) (BZ#1744946)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds,\nbut the VM was unavailable for 2 hours (BZ#1748239)\n\n* NFS client autodisconnect timer may fire immediately after TCP\nconnection setup and may cause DoS type reconnect problem in complex\nnetwork environments (BZ#1749290)\n\n* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n* Allows macvlan to operated correctly over the active-backup mode to\nsupport bonding events. (BZ#1751579)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control\ngroup (BZ# 1752421)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-October/023488.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68dd670d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.4.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:31", "description": "A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e.\ndepending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-14633)\n\nAn information leak was discovered in the Linux kernel in cdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location.(CVE-2018-16658)\n\nA security flaw was discovered in the Linux kernel. The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.(CVE-2018-17182)\n\nA flaw was found in the Linux kernels block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation.(CVE-2018-20856)", "cvss3": {}, "published": "2018-10-05T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2018-1086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14633", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-20856"], "modified": "2022-02-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo"], "id": "ALA_ALAS-2018-1086.NASL", "href": "https://www.tenable.com/plugins/nessus/117923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1086.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117923);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/10\");\n\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-20856\");\n script_xref(name:\"ALAS\", value:\"2018-1086\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2018-1086)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A security flaw was found in the chap_server_compute_md5() function in\nthe ISCSI target code in the Linux kernel in a way an authentication\nrequest from an ISCSI initiator is processed. An unauthenticated\nremote attacker can cause a stack buffer overflow and smash up to 17\nbytes of the stack. The attack requires the iSCSI target to be enabled\non the victim host. Depending on how the target's code was built (i.e.\ndepending on a compiler, compile flags and hardware architecture) an\nattack may lead to a system crash and thus to a denial-of-service or\npossibly to a non-authorized access to data exported by an iSCSI\ntarget. Due to the nature of the flaw, privilege escalation cannot be\nfully ruled out, although we believe it is highly\nunlikely.(CVE-2018-14633)\n\nAn information leak was discovered in the Linux kernel in\ncdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c that\ncould be used by local attackers to read kernel memory at certain\nlocation.(CVE-2018-16658)\n\nA security flaw was discovered in the Linux kernel. The\nvmacache_flush_all() function in mm/vmacache.c mishandles sequence\nnumber overflows. An attacker can trigger a use-after-free (and\npossibly gain privileges) via certain thread creation, map, unmap,\ninvalidation, and dereference operations.(CVE-2018-17182)\n\nA flaw was found in the Linux kernels block driver implementation\n(blk_drain_queue() function) where a use-after-free condition could be\ntriggered while draining the outstanding command queue in the systems\nblock device subsystem. An attacker could use this flaw to crash the\nsystem or corrupt local memory, which may lead to privilege\nescalation.(CVE-2018-20856)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1086.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Run 'yum update kernel' and reboot your instance to update your\nsystem.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.72-68.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.72-68.55.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:03", "description": "An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-10-16T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2019:3076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-3076.NASL", "href": "https://www.tenable.com/plugins/nessus/129960", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3076. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129960);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3076\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2019:3076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kpatch-patch is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis is a kernel live patch module which is automatically loaded by\nthe RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in\nmarvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3076\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062-1-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062-debuginfo-1-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062_1_1-1-4.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062_1_1-debuginfo-1-4.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062_1_2-1-3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062_1_2-debuginfo-1-3.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kpatch-patch-3_10_0-1062 / kpatch-patch-3_10_0-1062-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:37", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows Server 2019. (BZ#1740188)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n* Growing unreclaimable slab memory (BZ#1741920)\n\n* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ# 1741926)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n* Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid (BZ#1744442)\n\n* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6 address (BZ#1744443)\n\n* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system (BZ #1744444)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744946)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748239)\n\n* NFS client autodisconnect timer may fire immediately after TCP connection setup and may cause DoS type reconnect problem in complex network environments (BZ#1749290)\n\n* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n* Allows macvlan to operated correctly over the active-backup mode to support bonding events. (BZ#1751579)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ# 1752421)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {}, "published": "2019-10-16T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:3055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-3055.NASL", "href": "https://www.tenable.com/plugins/nessus/129958", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3055. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129958);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3055\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:3055)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in\nmarvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree\n(BZ#1740178)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows\nServer 2019. (BZ#1740188)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n* Growing unreclaimable slab memory (BZ#1741920)\n\n* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ#\n1741926)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM\nwith > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n* Macsec: inbound MACSEC frame is unexpectedly dropped with\nInPktsNotValid (BZ#1744442)\n\n* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6\naddress (BZ#1744443)\n\n* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE\nsystem (BZ #1744444)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application\nfailure) (BZ#1744946)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds,\nbut the VM was unavailable for 2 hours (BZ#1748239)\n\n* NFS client autodisconnect timer may fire immediately after TCP\nconnection setup and may cause DoS type reconnect problem in complex\nnetwork environments (BZ#1749290)\n\n* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n* Allows macvlan to operated correctly over the active-backup mode to\nsupport bonding events. (BZ#1751579)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control\ngroup (BZ# 1752421)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20856\", \"CVE-2019-10126\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3055\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3055\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:36", "description": "This update for the Linux Kernel 4.4.178-94_91 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3258-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272", "CVE-2019-15239"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3258-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3258-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132005);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-10220\",\n \"CVE-2019-13272\",\n \"CVE-2019-15239\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3258-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.178-94_91 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to\nimproper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could\nhave triggered multiple use-after-free conditions resulted in\nprivilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193258-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49b4377d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3256=1 SUSE-SLE-SAP-12-SP3-2019-3257=1\nSUSE-SLE-SAP-12-SP3-2019-3258=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3256=1 SUSE-SLE-SERVER-12-SP3-2019-3257=1\nSUSE-SLE-SERVER-12-SP3-2019-3258=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_175-94_79-default-7-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_175-94_79-default-debuginfo-7-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_176-94_88-default-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_176-94_88-default-debuginfo-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_178-94_91-default-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_178-94_91-default-debuginfo-6-2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:17:37", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0664 advisory.\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0664)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-17133"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0664.NASL", "href": "https://www.tenable.com/plugins/nessus/134262", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0664. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134262);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0664\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0664)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0664 advisory.\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-20856', 'CVE-2019-14816', 'CVE-2019-14895', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0664');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.46.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:19", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service.i1/4^CVE-2017-18360i1/4%0\n\n - A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.\n An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.i1/4^CVE-2018-19824i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.i1/4^CVE-2018-18281i1/4%0\n\n - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.i1/4^CVE-2018-18559i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18360", "CVE-2018-18281", "CVE-2018-18559", "CVE-2018-19824"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.4"], "id": "EULEROS_SA-2019-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/123721", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123721);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18360\",\n \"CVE-2018-18281\",\n \"CVE-2018-18559\",\n \"CVE-2018-19824\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A division-by-zero in set_termios(), when debugging is\n enabled, was found in the Linux kernel. When the\n [io_ti] driver is loaded, a local unprivileged attacker\n can request incorrect high transfer speed in the\n change_port_settings() in the\n drivers/usb/serial/io_ti.c so that the divisor value\n becomes zero and causes a system crash resulting in a\n denial of service.i1/4^CVE-2017-18360i1/4%0\n\n - A flaw was found In the Linux kernel, through version\n 4.19.6, where a local user could exploit a\n use-after-free in the ALSA driver by supplying a\n malicious USB Sound device (with zero interfaces) that\n is mishandled in usb_audio_probe in sound/usb/card.c.\n An attacker could corrupt memory and possibly escalate\n privileges if the attacker is able to have physical\n access to the system.i1/4^CVE-2018-19824i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and\n reused.i1/4^CVE-2018-18281i1/4%0\n\n - A use-after-free flaw can occur in the Linux kernel due\n to a race condition between packet_do_bind() and\n packet_notifier() functions called for an AF_PACKET\n socket. An unprivileged, local user could use this flaw\n to induce kernel memory corruption on the system,\n leading to an unresponsive system or to a crash. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out.i1/4^CVE-2018-18559i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1253\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1ef0b72\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.1_62\",\n \"kernel-devel-3.10.0-862.14.1.1_62\",\n \"kernel-headers-3.10.0-862.14.1.1_62\",\n \"kernel-tools-3.10.0-862.14.1.1_62\",\n \"kernel-tools-libs-3.10.0-862.14.1.1_62\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.1_62\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:06", "description": "It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service (client system crash). (CVE-2018-1066)\n\nJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nIt was discovered that the socket implementation in the Linux kernel contained a type confusion error that could lead to memory corruption.\nA local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9568).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-05T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3880-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1066", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-9568"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3880-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3880-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121598);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-1066\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-9568\");\n script_xref(name:\"USN\", value:\"3880-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3880-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the CIFS client implementation in the Linux\nkernel did not properly handle setup negotiation during session\nrecovery, leading to a NULL pointer exception. An attacker could use\nthis to create a malicious CIFS server that caused a denial of service\n(client system crash). (CVE-2018-1066)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. (CVE-2018-18281)\n\nIt was discovered that the socket implementation in the Linux kernel\ncontained a type confusion error that could lead to memory corruption.\nA local attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-9568).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3880-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1066\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-9568\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3880-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-165-generic\", pkgver:\"3.13.0-165.215\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-165-generic-lpae\", pkgver:\"3.13.0-165.215\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-165-lowlatency\", pkgver:\"3.13.0-165.215\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.165.175\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.165.175\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.165.175\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:19:22", "description": "USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : linux-hwe vulnerabilities (USN-4069-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4069-2.NASL", "href": "https://www.tenable.com/plugins/nessus/127792", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4069-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127792);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4069-2\");\n\n script_name(english:\"Ubuntu 18.04 LTS : linux-hwe vulnerabilities (USN-4069-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4069-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4069-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-generic\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-generic-lpae\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-lowlatency\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-generic / linux-image-5.0-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:09", "description": "It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4069-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4069-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126950);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4069-1\");\n\n script_name(english:\"Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4069-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4069-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-aws\", pkgver:\"5.0.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-gcp\", pkgver:\"5.0.0-1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-kvm\", pkgver:\"5.0.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1012-azure\", pkgver:\"5.0.0-1012.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1013-raspi2\", pkgver:\"5.0.0-1013.13\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1017-snapdragon\", pkgver:\"5.0.0-1017.18\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-generic\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-generic-lpae\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-lowlatency\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-aws\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1012.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gke\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.0.0.1013.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.0.0.1017.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.0.0.21.22\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:06", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-209-2.0-0175", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15239", "CVE-2019-15926"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/128725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-209-2.0-0175. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128725);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-15239\",\n \"CVE-2019-15926\"\n );\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-209-2.0-0175\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-175.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.189-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:49", "description": "An update for kernel-alt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es) :\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel modules pkey and paes_s390 are not available (BZ#1719192)\n\n* pkey: Indicate old mkvp only if old and curr. mkvp are different (BZ# 1720621)\n\n* System dropped into Mon running softboots Exception: 501 (Hardware Interrupt) at c00000000000a814 replay_interrupt_return+0x0/0x4 (ipmi) (BZ# 1737563)\n\n* kernel: jump label transformation performance (BZ#1739143)\n\n* Backport i40e MDD detection removal for PFs (BZ#1747618)", "cvss3": {}, "published": "2019-10-30T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2019:3217)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2018-20856", "CVE-2019-11810", "CVE-2019-9500", "CVE-2019-9506"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3217.NASL", "href": "https://www.tenable.com/plugins/nessus/130373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3217. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130373);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-20856\", \"CVE-2019-11810\", \"CVE-2019-9500\", \"CVE-2019-9506\");\n script_xref(name:\"RHSA\", value:\"2019:3217\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2019:3217)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-alt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es) :\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n(CVE-2019-9500)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel modules pkey and paes_s390 are not available (BZ#1719192)\n\n* pkey: Indicate old mkvp only if old and curr. mkvp are different\n(BZ# 1720621)\n\n* System dropped into Mon running softboots Exception: 501 (Hardware\nInterrupt) at c00000000000a814 replay_interrupt_return+0x0/0x4 (ipmi)\n(BZ# 1737563)\n\n* kernel: jump label transformation performance (BZ#1739143)\n\n* Backport i40e MDD detection removal for PFs (BZ#1747618)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11810\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10902\", \"CVE-2018-20856\", \"CVE-2019-11810\", \"CVE-2019-9500\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3217\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3217\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-4.14.0-115.14.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-4.14.0-115.14.1.el7a\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:10", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5706 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages. (CVE-2013-4125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-05T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5706)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4125", "CVE-2018-18281", "CVE-2019-19523", "CVE-2019-19528", "CVE-2019-19537"], "modified": "2022-05-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.46.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.46.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5706.NASL", "href": "https://www.tenable.com/plugins/nessus/137172", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5706.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137172);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2013-4125\",\n \"CVE-2018-18281\",\n \"CVE-2019-19523\",\n \"CVE-2019-19528\",\n \"CVE-2019-19537\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5706)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5706 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of\n mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it\n has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1\n does not properly handle Router Advertisement (RA) messages in certain circumstances involving three\n routes that initially qualified for membership in an ECMP route set until a change occurred for one of the\n first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted\n sequence of messages. (CVE-2013-4125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5706.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19528\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.46.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.46.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.46.1.el6uek', '3.8.13-118.46.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5706');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.46.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.46.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.46.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.46.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.46.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.46.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.46.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.46.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.46.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.46.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.46.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.46.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.46.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.46.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.46.1.el6uek / dtrace-modules-3.8.13-118.46.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:30:29", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data.\n By using a specially crafted USB device which sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a privilege escalation or trigger a system crash or lock up and thus to cause a denial of service (DoS).(CVE-2018-20169)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.(CVE-2018-18281)\n\n - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service. (CVE-2017-18360)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18360", "CVE-2018-10878", "CVE-2018-10881", "CVE-2018-18281", "CVE-2018-20169"], "modified": "2022-05-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1108.NASL", "href": "https://www.tenable.com/plugins/nessus/123121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123121);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2017-18360\",\n \"CVE-2018-10878\",\n \"CVE-2018-10881\",\n \"CVE-2018-18281\",\n \"CVE-2018-20169\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was discovered in the Linux kernel's USB\n subsystem in the __usb_get_extra_descriptor() function\n in the drivers/usb/core/usb.c which mishandles a size\n check during the reading of an extra descriptor data.\n By using a specially crafted USB device which sends a\n forged extra descriptor, an unprivileged user with\n physical access to the system can potentially cause a\n privilege escalation or trigger a system crash or lock\n up and thus to cause a denial of service\n (DoS).(CVE-2018-20169)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and\n reused.(CVE-2018-18281)\n\n - A division-by-zero in set_termios(), when debugging is\n enabled, was found in the Linux kernel. When the\n [io_ti] driver is loaded, a local unprivileged attacker\n can request incorrect high transfer speed in the\n change_port_settings() in the\n drivers/usb/serial/io_ti.c so that the divisor value\n becomes zero and causes a system crash resulting in a\n denial of service. (CVE-2017-18360)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image.(CVE-2018-10878)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1108\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f33765a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20169\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h165\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h165\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h165\",\n \"kernel-devel-3.10.0-514.44.5.10.h165\",\n \"kernel-headers-3.10.0-514.44.5.10.h165\",\n \"kernel-tools-3.10.0-514.44.5.10.h165\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h165\",\n \"perf-3.10.0-514.44.5.10.h165\",\n \"python-perf-3.10.0-514.44.5.10.h165\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:17:59", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.\n An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.i1/4^CVE-2018-19824i1/4%0\n\n - It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service.i1/4^CVE-2016-10741i1/4%0\n\n - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service.i1/4^CVE-2017-18360i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.i1/4^CVE-2018-18281i1/4%0\n\n - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.i1/4^CVE-2018-18559i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10741", "CVE-2017-18360", "CVE-2018-18281", "CVE-2018-18559", "CVE-2018-19824"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1244.NASL", "href": "https://www.tenable.com/plugins/nessus/123712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123712);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10741\",\n \"CVE-2017-18360\",\n \"CVE-2018-18281\",\n \"CVE-2018-18559\",\n \"CVE-2018-19824\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found In the Linux kernel, through version\n 4.19.6, where a local user could exploit a\n use-after-free in the ALSA driver by supplying a\n malicious USB Sound device (with zero interfaces) that\n is mishandled in usb_audio_probe in sound/usb/card.c.\n An attacker could corrupt memory and possibly escalate\n privileges if the attacker is able to have physical\n access to the system.i1/4^CVE-2018-19824i1/4%0\n\n - It was found that the Linux kernel can hit a BUG_ON()\n statement in the __xfs_get_blocks() in the\n fs/xfs/xfs_aops.c because of a race condition between\n direct and memory-mapped I/O associated with a hole in\n a file that is handled with BUG_ON() instead of an I/O\n failure. This allows a local unprivileged attacker to\n cause a system crash and a denial of\n service.i1/4^CVE-2016-10741i1/4%0\n\n - A division-by-zero in set_termios(), when debugging is\n enabled, was found in the Linux kernel. When the\n [io_ti] driver is loaded, a local unprivileged attacker\n can request incorrect high transfer speed in the\n change_port_settings() in the\n drivers/usb/serial/io_ti.c so that the divisor value\n becomes zero and causes a system crash resulting in a\n denial of service.i1/4^CVE-2017-18360i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and\n reused.i1/4^CVE-2018-18281i1/4%0\n\n - A use-after-free flaw can occur in the Linux kernel due\n to a race condition between packet_do_bind() and\n packet_notifier() functions called for an AF_PACKET\n socket. An unprivileged, local user could use this flaw\n to induce kernel memory corruption on the system,\n leading to an unresponsive system or to a crash. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out.i1/4^CVE-2018-18559i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1244\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ebc7ba2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10_132\",\n \"kernel-devel-3.10.0-514.44.5.10_132\",\n \"kernel-headers-3.10.0-514.44.5.10_132\",\n \"kernel-tools-3.10.0-514.44.5.10_132\",\n \"kernel-tools-libs-3.10.0-514.44.5.10_132\",\n \"kernel-tools-libs-devel-3.10.0-514.44.5.10_132\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:39", "description": "It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-20856)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4116-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10638", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-3900"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4116-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4116-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128476);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-20856\", \"CVE-2019-10638\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3900\");\n script_xref(name:\"USN\", value:\"4116-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4116-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a use-after-free error existed in the block\nlayer subsystem of the Linux kernel when certain failure conditions\noccurred. A local attacker could possibly use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2018-20856)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nPraveen Pandey discovered that the Linux kernel did not properly\nvalidate sent signals in some situations on PowerPC systems with\ntransactional memory disabled. A local attacker could use this to\ncause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4116-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");
(RHSA-2020:0100) Important: kernel-rt security and bug fix update
