The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)
* kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* LACP bond does not function because bonding driver sees slave speed & duplex as Unknown (BZ#1772779)
* ixgbevf guess causes excessive interrupts in hypervisor due to get link settings (BZ#1795404)
{"ibm": [{"lastseen": "2023-02-27T21:54:40", "description": "## Summary\n\nKernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-17055](<https://vulners.com/cve/CVE-2019-17055>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the base_sock_create function in drivers/isdn/mISDN/socket.c in the AF_ISDN network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168362](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168362>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-17133](<https://vulners.com/cve/CVE-2019-17133>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the cfg80211_mgd_wext_giwessid functions in net/wireless/wext-sme.c. By sending an overly long long SSID IE, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168370](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168370>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza Host Management| All IBM Netezza Host Management 5.4.9.0 - 5.4.26.0 \n \n\n\n## Remediation/Fixes\n\nTo resolve the reported CVEs for Red Hat Enterprise Linux (RHEL) on following platforms : \n\nPureData System for Analytics N3001 \nPureData System for Analytics N200x \n \nUpdate to the following IBM Netezza Host Management release :\n\nProduct\n\n| \n\nVRMF\n\n| \n\nRemediation/Fix \n \n---|---|--- \n \nIBM Netezza Host Management\n\n| \n\n5.4.27.0\n\n| \n\n[Fix Central Link](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FNetezza+Platform&release=HOSTMGMT_5&platform=All&function=fixId&fixids=5.4.27.0-IM-Netezza-HOSTMGMT-fp125543> \"Fix Central Link\" ) \n \nThe Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances. \n \nFor more details on IBM Netezza Host Management security patching:\n\n * [Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliances](<http://www-01.ibm.com/support/docview.wss?uid=swg21615012>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-19T18:07:55", "type": "ibm", "title": "Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17055", "CVE-2019-17133"], "modified": "2020-06-19T18:07:55", "id": "0FC7CED4B78FA51F433FBF3BAC439FB6F67980E97861DB61D5E227DA0D8C5CFF", "href": "https://www.ibm.com/support/pages/node/6235874", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:49:29", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-10711](<https://vulners.com/cve/CVE-2020-10711>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference while receiving CIPSO packet with null category in the SELinux subsystem. By sending a specially-crafted CIPSO packet, a remote attacker could exploit this vulnerability to the system to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-1000371](<https://vulners.com/cve/CVE-2017-1000371>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to bypass security restrictions, caused by a flaw in offset2lib patch. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127456](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127456>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-17666](<https://vulners.com/cve/CVE-2019-17666>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the rtl_p2p_noa_ie function in drivers/net/wireless/realtek/rtlwifi/ps.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169487](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169487>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17055](<https://vulners.com/cve/CVE-2019-17055>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the base_sock_create function in drivers/isdn/mISDN/socket.c in the AF_ISDN network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168362](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168362>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-17133](<https://vulners.com/cve/CVE-2019-17133>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the cfg80211_mgd_wext_giwessid functions in net/wireless/wext-sme.c. By sending an overly long long SSID IE, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168370](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168370>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18634](<https://vulners.com/cve/CVE-2019-18634>) \n** DESCRIPTION: **Apple macOS Catalina is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the privileged sudo process. By sending an overly long string to the stdin of getln() in tgetpass.c., a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175358](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175358>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security QRadar Packet Capture 7.4.0 GA\n\nIBM Security QRadar Packet Capture 7.3.0 to 7.3.3 Patch 1\n\n \n\n\n## Remediation/Fixes\n\n[IBM Security QRadar Packet Capture 7.4.0 Patch 1](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Packet+Capture&release=All&platform=All&function=fixId&fixids=7.4.0-QRadar-PCAP-build-401&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"IBM Security QRadar Packet Capture 7.4.0 Patch 1\" )\n\n[IBM Security QRadar Packet Capture 7.3.3 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Packet+Capture&release=All&platform=All&function=fixId&fixids=7.3.3-QRadar-PCAP-build-372&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM Security QRadar Packet Capture 7.3.3 Patch 2\" )\n\n[IBM Security QRadar Packet Capture 7.3.2 Patch 4](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Packet+Capture&release=All&platform=All&function=fixId&fixids=7.3.2-QRadar-PCAP-build-340&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM Security QRadar Packet Capture 7.3.2 Patch 4\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-28T17:16:55", "type": "ibm", "title": "Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000371", "CVE-2019-17055", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18634", "CVE-2020-10711"], "modified": "2020-10-28T17:16:55", "id": "22DFDD1FF1BBF70D9C813ACA916818103631328A11AEED7718476AD8FD37F722", "href": "https://www.ibm.com/support/pages/node/6241524", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:49:29", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2583](<https://vulners.com/cve/CVE-2020-2583>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174531](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174531>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2590](<https://vulners.com/cve/CVE-2020-2590>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-2593](<https://vulners.com/cve/CVE-2020-2593>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2601](<https://vulners.com/cve/CVE-2020-2601>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-2604](<https://vulners.com/cve/CVE-2020-2604>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174551](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174551>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2654](<https://vulners.com/cve/CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2659](<https://vulners.com/cve/CVE-2020-2659>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174606](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174606>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-18634](<https://vulners.com/cve/CVE-2019-18634>) \n** DESCRIPTION: **Apple macOS Catalina is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the privileged sudo process. By sending an overly long string to the stdin of getln() in tgetpass.c., a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175358](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175358>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17055](<https://vulners.com/cve/CVE-2019-17055>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the base_sock_create function in drivers/isdn/mISDN/socket.c in the AF_ISDN network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168362](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168362>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-17133](<https://vulners.com/cve/CVE-2019-17133>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the cfg80211_mgd_wext_giwessid functions in net/wireless/wext-sme.c. By sending an overly long long SSID IE, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168370](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168370>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2756](<https://vulners.com/cve/CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2757](<https://vulners.com/cve/CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2773](<https://vulners.com/cve/CVE-2020-2773>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179673](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179673>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<https://vulners.com/cve/CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<https://vulners.com/cve/CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2803](<https://vulners.com/cve/CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2805](<https://vulners.com/cve/CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<https://vulners.com/cve/CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security QRadar Packet Capture 7.3.0 - 7.3.3 Patch 1\n\nIBM Security QRadar Packet Capture 7.4.0 - 7.4.0 Patch 1\n\n \n\n\n## Remediation/Fixes\n\n[IBM Security QRadar Packet Capture 7.3.3 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Packet+Capture&release=All&platform=Linux&function=fixId&fixids=7.3.3-QRadar-PCAP-build-372&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM Security QRadar Packet Capture 7.3.3 Patch 2\" )\n\n[IBM Security QRadar Packet Capture 7.4.1 GA](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Packet+Capture&release=All&platform=Linux&function=fixId&fixids=7.4.1-QRadar-PCAP-build-440&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM Security QRadar Packet Capture 7.4.1 GA\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-28T17:16:55", "type": "ibm", "title": "Security Bulletin: \tIBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17055", "CVE-2019-17133", "CVE-2019-18634", "CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2773", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-10-28T17:16:55", "id": "C8805CB7A9877952E3B667A528AE49619053A2D7DB5F1F65CA2C84C382A15EAE", "href": "https://www.ibm.com/support/pages/node/6258317", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:49", "description": "## Summary\n\nThere are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-19252](<https://vulners.com/cve/CVE-2019-19252>) \n**DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the vcs_write function in drivers/tty/vt/vc_screen.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172133>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-18675](<https://vulners.com/cve/CVE-2019-18675>) \n**DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the cpia2_remap_buffer function in drivers/media/usb/cpia2/cpia2_core.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain read and write permissions on kernel physical pages. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-10220](<https://vulners.com/cve/CVE-2019-10220>) \n**DESCRIPTION: **Linux Kernel CIFS implementation could allow a remote attacker to traverse directories on the system, caused by a flaw in the cifs.ko. An attacker could send a specially-crafted request to modify arbitrary files on the system. \nCVSS Base score: 8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172424>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-15213](<https://vulners.com/cve/CVE-2019-15213>) \n**DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the dvb-usb-init.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165534](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165534>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-15214](<https://vulners.com/cve/CVE-2019-15214>) \n**DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the sound subsystem. By performing card disconnection actions, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165535](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165535>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-15215](<https://vulners.com/cve/CVE-2019-15215>) \n**DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the cpia2_usb.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165536](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165536>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-15216](<https://vulners.com/cve/CVE-2019-15216>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the yurex.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165537](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165537>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-15220](<https://vulners.com/cve/CVE-2019-15220>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the p54usb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-15221](<https://vulners.com/cve/CVE-2019-15221>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the pcm.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165542>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-15211](<https://vulners.com/cve/CVE-2019-15211>) \n**DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the v4l2-dev.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-15222](<https://vulners.com/cve/CVE-2019-15222>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the helper.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-15223](<https://vulners.com/cve/CVE-2019-15223>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the driver.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165544](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165544>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-15212](<https://vulners.com/cve/CVE-2019-15212>) \n**DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a double-free flaw in the rio500.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-15217](<https://vulners.com/cve/CVE-2019-15217>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the yurex.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-15218](<https://vulners.com/cve/CVE-2019-15218>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the smsusb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-15219](<https://vulners.com/cve/CVE-2019-15219>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the sisusb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165540](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165540>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-15291](<https://vulners.com/cve/CVE-2019-15291>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the flexcop_usb_probe function in the flexcop-usb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-17053](<https://vulners.com/cve/CVE-2019-17053>) \n**DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the ieee802154_create function in net/ieee802154/socket.c in the AF_IEEE802154 network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168360](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168360>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-17075](<https://vulners.com/cve/CVE-2019-17075>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw in the write_tpt_entry function in drivers/infiniband/hw/cxgb4/mem.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168363](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168363>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-17054](<https://vulners.com/cve/CVE-2019-17054>) \n**DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by the failure to enforce CAP_NET_RAW in the net/appletalk/ddp.c in the AF_APPLETALK network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168361](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168361>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-17055](<https://vulners.com/cve/CVE-2019-17055>) \n**DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the base_sock_create function in drivers/isdn/mISDN/socket.c in the AF_ISDN network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168362](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168362>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-17056](<https://vulners.com/cve/CVE-2019-17056>) \n**DESCRIPTION: **Linux Kernel could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the failure to enforce CAP_NET_RAW by llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module. An attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168412](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168412>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-17052](<https://vulners.com/cve/CVE-2019-17052>) \n**DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the ax25_create function in net/ax25/af_ax25.c in the AF_AX25 network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2020-10942](<https://vulners.com/cve/CVE-2020-10942>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by improper validation of an sk_family field by the get_raw_socket function in drivers/vhost/net.c. By sending specially-crafted system calls, a local attacker could exploit this vulnerability to cause a kernel stack corruption resulting in a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-9383](<https://vulners.com/cve/CVE-2020-9383>) \n**DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the set_fdc function in drivers/block/floppy.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n**CVEID: **[CVE-2019-19768](<https://vulners.com/cve/CVE-2019-19768>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-19947](<https://vulners.com/cve/CVE-2019-19947>) \n**DESCRIPTION: **Linux Kernel could allow a physical attacker to obtain sensitive information, caused by an uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-19965](<https://vulners.com/cve/CVE-2019-19965>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in drivers/scsi/libsas/sas_discover.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-19241](<https://vulners.com/cve/CVE-2019-19241>) \n**DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the sendmsg function. By sending a specially-crafted request related to io_uring Offload, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173106](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173106>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-19769](<https://vulners.com/cve/CVE-2019-19769>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the perf_trace_lock_acquire function in include/trace/events/lock.h. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-19767](<https://vulners.com/cve/CVE-2019-19767>) \n**DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __ext4_expand_extra_isize and ext4_xattr_set_entry functions in fs/ext4/inode.c and fs/ext4/super.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173054](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173054>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-19447](<https://vulners.com/cve/CVE-2019-19447>) \n**DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the ext4_put_super function in fs/ext4/super.c. By using a specially-crafted image file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Spectrum Protect Plus | 10.1.0-10.1.5 \n \n## Remediation/Fixes\n\n**Spectrum Protect** \n**Plus Release** | **First Fixing** \n**VRM Level** | **Platform** | **Link to Fix** \n---|---|---|--- \n10.1 | 10.1.5.2199 | Linux | <https://www.ibm.com/support/pages/node/1135035> \n \nRHEL/CentOS is not providing a fix for CVE-2019-15291 at this time as there is a mitigation. Please refer to the **Workarounds and Mitigations** section below.\n\n## Workarounds and Mitigations\n\nFor CVE-2019-15291, refer to the mitigation documented at this link: <https://access.redhat.com/security/cve/cve-2019-15291>\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-01T00:35:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10220", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15213", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15222", "CVE-2019-15223", "CVE-2019-15291", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-18675", "CVE-2019-19241", "CVE-2019-19252", "CVE-2019-19447", "CVE-2019-19767", "CVE-2019-19768", "CVE-2019-19769", "CVE-2019-19947", "CVE-2019-19965", "CVE-2020-10942", "CVE-2020-9383"], "modified": "2020-04-01T00:35:26", "id": "B68653AE8B3B701FAB183C54D344C9C2EE03602A2C7365EC7CF172320BA1AA2E", "href": "https://www.ibm.com/support/pages/node/6116992", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:44:31", "description": "## Summary\n\nIBM QRadar Network Security has addressed following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-18551](<https://vulners.com/cve/CVE-2017-18551>) \n** DESCRIPTION: **Linux kernel is vulnerable to a buffer overflow, caused by a missing bounds check in drivers/i2c/i2c-core-smbus.c. An attacker could overflow an array and perform unspecified actions. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-20836](<https://vulners.com/cve/CVE-2018-20836>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. A local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161631](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161631>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-12614](<https://vulners.com/cve/CVE-2019-12614>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the dlpar_parse_cc_property function in arch/powerpc/platforms/pseries/dlpar.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162121](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162121>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-15807](<https://vulners.com/cve/CVE-2019-15807>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in sas_expander.c when SAS expander discovery fails. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-16231](<https://vulners.com/cve/CVE-2019-16231>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/net/fjes/fjes_main.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166961](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166961>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-16233](<https://vulners.com/cve/CVE-2019-16233>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/scsi/qla2xxx/qla_os.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166945](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166945>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-16994](<https://vulners.com/cve/CVE-2019-16994>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the sit_init_net function in net/ipv6/sit.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168245](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168245>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-17053](<https://vulners.com/cve/CVE-2019-17053>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the ieee802154_create function in net/ieee802154/socket.c in the AF_IEEE802154 network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168360](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168360>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-17055](<https://vulners.com/cve/CVE-2019-17055>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the base_sock_create function in drivers/isdn/mISDN/socket.c in the AF_ISDN network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168362](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168362>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-18808](<https://vulners.com/cve/CVE-2019-18808>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the ccp_run_sha_cmd function in drivers/crypto/ccp/ccp-ops.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19058](<https://vulners.com/cve/CVE-2019-19058>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19062](<https://vulners.com/cve/CVE-2019-19062>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the crypto_report() function in crypto/crypto_user_base.c. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171776>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19063](<https://vulners.com/cve/CVE-2019-19063>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by multiple memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171775](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171775>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19332](<https://vulners.com/cve/CVE-2019-19332>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds memory write in KVM hypervisor. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173143](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173143>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19447](<https://vulners.com/cve/CVE-2019-19447>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the ext4_put_super function in fs/ext4/super.c. By using a specially-crafted image file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-19523](<https://vulners.com/cve/CVE-2019-19523>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/usb/misc/adutux.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19524](<https://vulners.com/cve/CVE-2019-19524>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/input/ff-memless.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19534](<https://vulners.com/cve/CVE-2019-19534>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by missing memory initialization in drivers/net/can/usb/peak_usb/pcan_usb_core.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 2.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-19537](<https://vulners.com/cve/CVE-2019-19537>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in drivers/usb/core/file.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause the system to stop responding. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172608](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172608>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19767](<https://vulners.com/cve/CVE-2019-19767>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __ext4_expand_extra_isize and ext4_xattr_set_entry functions in fs/ext4/inode.c and fs/ext4/super.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173054](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173054>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-20054](<https://vulners.com/cve/CVE-2019-20054>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173738](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173738>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-20636](<https://vulners.com/cve/CVE-2019-20636>) \n** DESCRIPTION: **Linux Linux could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the input_set_keycode function. By using a specially-crafted keycode table, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20934](<https://vulners.com/cve/CVE-2019-20934>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the show_numa_stats function. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165068](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165068>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9454](<https://vulners.com/cve/CVE-2019-9454>) \n** DESCRIPTION: **Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by a memory corruption in the i2c driver. An attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166734](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166734>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10732](<https://vulners.com/cve/CVE-2020-10732>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the implementation of Userspace core dumps. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a program to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181554](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181554>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-10742](<https://vulners.com/cve/CVE-2020-10742>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow during Direct IO write. A local authenticated attacker could exploit this vulnerability using a reach out of the index after one memory allocation by kmalloc to cause the NFS client to crash. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185376](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185376>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-10751](<https://vulners.com/cve/CVE-2020-10751>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with improper validation of first netlink message by the SELinux LSM hook implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow or deny the rest of the netlink messages within the skb with the granted permission without further processing. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-11565](<https://vulners.com/cve/CVE-2020-11565>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a stack-based out-of-bounds write flaw in the mpol_parse_str function in mm/mempolicy.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-12770](<https://vulners.com/cve/CVE-2020-12770>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an issue with sg_write lacks an sg_remove_request call in a certain failure case. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181750](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181750>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-12826](<https://vulners.com/cve/CVE-2020-12826>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to bypass security restrictions, caused by a signal access-control issue in exec_id in include/linux/sched.h. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass checks to send any signal to a privileged process. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182113](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182113>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-1749](<https://vulners.com/cve/CVE-2020-1749>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an error in the implementation of some ipv6 protocols in encrypted Ipsec tunnels. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to read the traffic unencrypted. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181872](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181872>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-25704](<https://vulners.com/cve/CVE-2020-25704>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the perf_event_parse_addr_filter function. By executing a specially-crafted program, a local attacker could exploit this vulnerability to exhaust available memory on the system. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191348](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191348>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36322](<https://vulners.com/cve/CVE-2020-36322>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw in the fuse_do_getattr function in the FUSE filesystem implementation in . By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36385](<https://vulners.com/cve/CVE-2020-36385>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in drivers/infiniband/core/ucma.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-8647](<https://vulners.com/cve/CVE-2020-8647>) \n** DESCRIPTION: **Linux kernel could allow a remote attacker to obtain sensitive information, caused by a use-after-free in the vc_do_resize function of drivers/tty/vt/vt.c. An attacker could exploit this vulnerability to read memory that should not be available for access. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2020-9383](<https://vulners.com/cve/CVE-2020-9383>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the set_fdc function in drivers/block/floppy.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2021-27363](<https://vulners.com/cve/CVE-2021-27363>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a kernel pointer leak when show_transport_handle function in drivers/scsi/scsi_transport_iscsi.c is called. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain the address of the iscsi_transport structure information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197857>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-27364](<https://vulners.com/cve/CVE-2021-27364>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the iscsi_if_recv_msg function in drivers/scsi/scsi_transport_iscsi.c. By sending specially-crafted Netlink messages, an attacker could exploit this vulnerability to connect to the iscsi NETLINK socket and send arbitrary commands to the kernel. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-27365](<https://vulners.com/cve/CVE-2021-27365>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an issue when certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. By sending a specially-crafted Netlink message, an attacker could exploit this vulnerability to obtain memory information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197859](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197859>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-33033](<https://vulners.com/cve/CVE-2021-33033>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the cipso_v4_genopt function in net/ipv4/cipso_ipv4.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-33034](<https://vulners.com/cve/CVE-2021-33034>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw when destroying an hci_chan in net/bluetooth/hci_event.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203149](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203149>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-33909](<https://vulners.com/cve/CVE-2021-33909>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in fs/seq_file.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges to root. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3715](<https://vulners.com/cve/CVE-2021-3715>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4.0\n\nIBM QRadar Network Security 5.5.0\n\n \n\n\n## Remediation/Fixes\n\n_Product_ | \n\n_VRMF_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \n \nIBM QRadar Network Security\n\n| \n\n5.4.0\n\n| \n\nInstall Firmware 5.4.0.16 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.4.0.16 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \nIBM QRadar Network Security\n\n| \n\n5.5.0\n\n| \n\nInstall Firmware 5.5.0.11 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.5.0.11 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-07T11:14:38", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-12614", "CVE-2019-15807", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19058", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-20934", "CVE-2019-9454", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-11565", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-1749", "CVE-2020-25704", "CVE-2020-36322", "CVE-2020-36385", "CVE-2020-8647", "CVE-2020-9383", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909", "CVE-2021-3715"], "modified": "2022-07-07T11:14:38", "id": "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "href": "https://www.ibm.com/support/pages/node/6601949", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:47:15", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-18074](<https://vulners.com/cve/CVE-2018-18074>) \n** DESCRIPTION: **The Requests package for Python could allow a remote attacker to obtain sensitive information, caused by sending information in an insecure manner. By sniffing the network, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151296](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151296>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-20060](<https://vulners.com/cve/CVE-2018-20060>) \n** DESCRIPTION: **urllib3 could allow a remote attacker to obtain sensitive information, caused by the failure to remove the Authorization HTTP header when following a cross-origin redirect. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain credentials in the Authorization header. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154226](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154226>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11236](<https://vulners.com/cve/CVE-2019-11236>) \n** DESCRIPTION: **Python urllib3 is vulnerable to CRLF injection, caused by improper validation of user-supplied input by the request parameter. By sending a specially-crafted HTTP response containing CRLF character sequences, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159527>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-11324](<https://vulners.com/cve/CVE-2019-11324>) \n** DESCRIPTION: **urllib3 could allow a remote attacker to bypass security restrictions, caused by mishandling of certificates. By sending a specially-crafted certificate, an attacker could exploit this vulnerability to allow SSL connections. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159909](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159909>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-5094](<https://vulners.com/cve/CVE-2019-5094>) \n** DESCRIPTION: **E2fsprogs could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the quota file functionality. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167547](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167547>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-5188](<https://vulners.com/cve/CVE-2019-5188>) \n** DESCRIPTION: **E2fsprogs could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the directory rehashing function. By using a specially-crafted ext4 directory, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11008](<https://vulners.com/cve/CVE-2020-11008>) \n** DESCRIPTION: **Git could allow a remote attacker to obtain sensitive information, caused by a flaw in the external \"credential helper\" programs. By feeding a specially-crafted URL to git clone, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-12450](<https://vulners.com/cve/CVE-2019-12450>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to bypass security restrictions, caused by improper permission control in the file_copy_fallback in gio/gfile.c. An attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-14822](<https://vulners.com/cve/CVE-2019-14822>) \n** DESCRIPTION: **IBus could allow a local authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to monitor and send method calls to the ibus bus of another user. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167063](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167063>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-14973](<https://vulners.com/cve/CVE-2019-14973>) \n** DESCRIPTION: **LibTIFF is vulnerable to a denial of service, caused by an iInteger overflow in the _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165333](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165333>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-17546](<https://vulners.com/cve/CVE-2019-17546>) \n** DESCRIPTION: **libtiff is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the tif_getimage.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168952>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-15715](<https://vulners.com/cve/CVE-2017-15715>) \n** DESCRIPTION: **Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the < FilesMatch > expression matching '$' to a newline character in a malicious filename instead of the end of the filename. By matching the trailing portion of the filename, an attacker could exploit to bypass security controls that use the < FilesMatch > directive. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140857>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-1283](<https://vulners.com/cve/CVE-2018-1283>) \n** DESCRIPTION: **Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an error when mod_session is configured with SessionEnv on to forward session data to CGI applications. By using a specially crafted \"Session\" header, an attacker could exploit this vulnerability to modify mod_session data on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-1303](<https://vulners.com/cve/CVE-2018-1303>) \n** DESCRIPTION: **Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory read error in mod_cache_socache. By sending a specially crafted HTTP request header, an attacker could exploit this vulnerability to cause the service to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140854>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-10098](<https://vulners.com/cve/CVE-2019-10098>) \n** DESCRIPTION: **Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165366](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165366>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-1927](<https://vulners.com/cve/CVE-2020-1927>) \n** DESCRIPTION: **Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178936](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178936>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-1934](<https://vulners.com/cve/CVE-2020-1934>) \n** DESCRIPTION: **Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of uninitialized value in mod_proxy_ftp. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178937](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178937>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-18551](<https://vulners.com/cve/CVE-2017-18551>) \n** DESCRIPTION: **Linux kernel is vulnerable to a buffer overflow, caused by a missing bounds check in drivers/i2c/i2c-core-smbus.c. An attacker could overflow an array and perform unspecified actions. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-20836](<https://vulners.com/cve/CVE-2018-20836>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. A local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161631](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161631>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-15217](<https://vulners.com/cve/CVE-2019-15217>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the yurex.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-15807](<https://vulners.com/cve/CVE-2019-15807>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in sas_expander.c when SAS expander discovery fails. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-15917](<https://vulners.com/cve/CVE-2019-15917>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166477](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166477>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-16231](<https://vulners.com/cve/CVE-2019-16231>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/net/fjes/fjes_main.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166961](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166961>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-16233](<https://vulners.com/cve/CVE-2019-16233>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/scsi/qla2xxx/qla_os.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166945](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166945>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-16994](<https://vulners.com/cve/CVE-2019-16994>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the sit_init_net function in net/ipv6/sit.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168245](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168245>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-17053](<https://vulners.com/cve/CVE-2019-17053>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the ieee802154_create function in net/ieee802154/socket.c in the AF_IEEE802154 network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168360](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168360>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-17055](<https://vulners.com/cve/CVE-2019-17055>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the base_sock_create function in drivers/isdn/mISDN/socket.c in the AF_ISDN network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168362](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168362>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-19046](<https://vulners.com/cve/CVE-2019-19046>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19062](<https://vulners.com/cve/CVE-2019-19062>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the crypto_report() function in crypto/crypto_user_base.c. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171776>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19063](<https://vulners.com/cve/CVE-2019-19063>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by multiple memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171775](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171775>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19332](<https://vulners.com/cve/CVE-2019-19332>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds memory write in KVM hypervisor. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173143](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173143>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19447](<https://vulners.com/cve/CVE-2019-19447>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the ext4_put_super function in fs/ext4/super.c. By using a specially-crafted image file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-19524](<https://vulners.com/cve/CVE-2019-19524>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/input/ff-memless.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19530](<https://vulners.com/cve/CVE-2019-19530>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/usb/class/cdc-acm.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172527>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19534](<https://vulners.com/cve/CVE-2019-19534>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by missing memory initialization in drivers/net/can/usb/peak_usb/pcan_usb_core.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 2.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-19537](<https://vulners.com/cve/CVE-2019-19537>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in drivers/usb/core/file.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause the system to stop responding. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172608](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172608>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19767](<https://vulners.com/cve/CVE-2019-19767>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __ext4_expand_extra_isize and ext4_xattr_set_entry functions in fs/ext4/inode.c and fs/ext4/super.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173054](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173054>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19807](<https://vulners.com/cve/CVE-2019-19807>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in sound/core/timer.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173150](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173150>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-20054](<https://vulners.com/cve/CVE-2019-20054>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173738](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173738>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-20636](<https://vulners.com/cve/CVE-2019-20636>) \n** DESCRIPTION: **Linux Linux could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the input_set_keycode function. By using a specially-crafted keycode table, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-9454](<https://vulners.com/cve/CVE-2019-9454>) \n** DESCRIPTION: **Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by a memory corruption in the i2c driver. An attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166734](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166734>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-9458](<https://vulners.com/cve/CVE-2019-9458>) \n** DESCRIPTION: **Google Android could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the video driver. An attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166730](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166730>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10690](<https://vulners.com/cve/CVE-2020-10690>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the cdev_put function in the Precision Time Protocol (PTP). By removing a PTP device while chardev is open, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-10732](<https://vulners.com/cve/CVE-2020-10732>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the implementation of Userspace core dumps. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a program to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181554](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181554>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-10742](<https://vulners.com/cve/CVE-2020-10742>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow during Direct IO write. A local authenticated attacker could exploit this vulnerability using a reach out of the index after one memory allocation by kmalloc to cause the NFS client to crash. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185376](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185376>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-10751](<https://vulners.com/cve/CVE-2020-10751>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with improper validation of first netlink message by the SELinux LSM hook implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow or deny the rest of the netlink messages within the skb with the granted permission without further processing. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-10942](<https://vulners.com/cve/CVE-2020-10942>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by improper validation of an sk_family field by the get_raw_socket function in drivers/vhost/net.c. By sending specially-crafted system calls, a local attacker could exploit this vulnerability to cause a kernel stack corruption resulting in a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1\n\nIBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1\n\nIBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5\n\n \n\n\n \n\n\n## Remediation/Fixes\n\n[QRadar / QRM / QVM 7.4.2 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.4.2-QRADAR-QRSIEM-20210120225428&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR> \"QRadar / QRM / QVM 7.4.2 Patch 2\" )\n\n[QRadar / QRM / QVM 7.4.1 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.1-QRADAR-QRSIEM-20201112005343&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 2\" )\n\n[QRadar / QRM / QVM 7.3.3 Patch 7](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20210111145446&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 7\" )\n\n \n\n\nQRadar incident forensics please use the SFS below\n\n[QRadar Incident Forensics / QNI 7.4.2 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=All&platform=Linux&function=fixId&fixids=7.4.2-QRADAR-QIFSFS-20210120225428&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar Incident Forensics / QNI 7.4.2 Patch 2\" )\n\n[QRadar Incident Forensics / QNI 7.4.1 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=All&platform=Linux&function=fixId&fixids=7.4.1-QRADAR-QIFSFS-20201112005343&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar Incident Forensics / QNI 7.4.1 Patch 2\" )\n\n[QRadar Incident Forensics / QNI 7.3.3 Patch 7](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=All&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20210111145446&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar Incident Forensics / QNI 7.3.3 Patch 7\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-27T00:05:29", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15715", "CVE-2017-18551", "CVE-2018-1283", "CVE-2018-1303", "CVE-2018-18074", "CVE-2018-20060", "CVE-2018-20836", "CVE-2019-10098", "CVE-2019-11236", "CVE-2019-11324", "CVE-2019-12450", "CVE-2019-14822", "CVE-2019-14973", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-17546", "CVE-2019-19046", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-5094", "CVE-2019-5188", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10942", "CVE-2020-11008", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2021-01-27T00:05:29", "id": "8B24753FF8758BF51E7C6001AC39E0EF90B14323A9756CCEF8AC68E99EF03367", "href": "https://www.ibm.com/support/pages/node/6408856", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-02-10T14:50:46", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0050)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17055", "CVE-2019-17133"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0050_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/141403", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0050. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141403);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2019-17055\", \"CVE-2019-17133\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0050)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a\n long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0050\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 4.05': [\n 'kernel-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-abi-whitelists-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-debug-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-debug-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-debug-devel-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-devel-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-firmware-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'kernel-headers-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'perf-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'python-perf-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3',\n 'python-perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.154.g27feaf3'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:35:03", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0790 advisory.\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2020:0790)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17055", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-firmware:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_els:6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0790.NASL", "href": "https://www.tenable.com/plugins/nessus/134439", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0790. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134439);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-17055\", \"CVE-2019-17133\");\n script_xref(name:\"RHSA\", value:\"2020:0790\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2020:0790)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0790 advisory.\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 250);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_els:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-17055', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0790');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/system-z/6/6Server/s390x/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/os',\n 'content/fastrack/rhel/system-z/6/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/os',\n 'content/fastrack/rhel/system-z/6/s390x/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-firmware-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-2.6.32-754.28.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-2.6.32-754.28.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:30:57", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* LACP bond does not function because bonding driver sees slave speed & duplex as Unknown (BZ#1772779)\n\n* ixgbevf guess causes excessive interrupts in hypervisor due to get link settings (BZ#1795404)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-13T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2020:0790)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17055", "CVE-2019-17133"], "modified": "2020-03-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2020-0790.NASL", "href": "https://www.tenable.com/plugins/nessus/134453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0790 and \n# CentOS Errata and Security Advisory 2020:0790 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134453);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/18\");\n\n script_cve_id(\"CVE-2019-17055\", \"CVE-2019-17133\");\n script_xref(name:\"RHSA\", value:\"2020:0790\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2020:0790)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\nnet/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: unprivileged users able to create RAW sockets in AF_ISDN\nnetwork protocol. (CVE-2019-17055)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* LACP bond does not function because bonding driver sees slave speed\n& duplex as Unknown (BZ#1772779)\n\n* ixgbevf guess causes excessive interrupts in hypervisor due to get\nlink settings (BZ#1795404)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-March/035659.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f6cb539\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-754.28.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:29:59", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0790 advisory.\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2020-0790)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17055", "CVE-2019-17133"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-0790.NASL", "href": "https://www.tenable.com/plugins/nessus/134556", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-0790.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134556);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-17055\", \"CVE-2019-17133\");\n script_xref(name:\"RHSA\", value:\"2020:0790\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2020-0790)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-0790 advisory.\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a\n long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-0790.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-754.28.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-0790');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-754.28.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-754.28.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.28.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.28.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.28.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.28.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.28.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.28.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-754.28.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.28.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.28.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-754.28.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.28.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.28.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.28.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:29:43", "description": "Security Fix(es) :\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless /wext-sme.c (CVE-2019-17133)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)\n\nBug Fix(es) :\n\n - LACP bond does not function because bonding driver sees slave speed & duplex as Unknown\n\n - ixgbevf guess causes excessive interrupts in hypervisor due to get link settings", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200311)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17055", "CVE-2019-17133"], "modified": "2020-03-16T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200311_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/134440", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134440);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/16\");\n\n script_cve_id(\"CVE-2019-17055\", \"CVE-2019-17133\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200311)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\n net/wireless /wext-sme.c (CVE-2019-17133)\n\n - kernel: unprivileged users able to create RAW sockets in\n AF_ISDN network protocol. (CVE-2019-17055)\n\nBug Fix(es) :\n\n - LACP bond does not function because bonding driver sees\n slave speed & duplex as Unknown\n\n - ixgbevf guess causes excessive interrupts in hypervisor\n due to get link settings\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2003&L=SCIENTIFIC-LINUX-ERRATA&P=2277\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d53c4663\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-754.28.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-754.28.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:57:35", "description": "This update for the Linux Kernel 3.12.74-60_64_118 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108).\n\nCVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-31T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2829-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10220", "CVE-2019-17133"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_115-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_115-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_121-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_121-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_101-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_104-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_109-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_114-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_120-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_98-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_156-94_64-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_156-94_64-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_162-94_69-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_162-94_69-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_162-94_72-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_162-94_72-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2829-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130424", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2829-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130424);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-10220\", \"CVE-2019-17133\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2829-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 3.12.74-60_64_118 fixes several\nissues.\n\nThe following security issues were fixed :\n\nCVE-2019-10220: Fixed a relative path escape in the Samba client\nmodule (bsc#1144903, bsc#1153108).\n\nCVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid\nin net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192829-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12baed1b\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2832=1 SUSE-SLE-SAP-12-SP3-2019-2833=1\nSUSE-SLE-SAP-12-SP3-2019-2834=1 SUSE-SLE-SAP-12-SP3-2019-2835=1\nSUSE-SLE-SAP-12-SP3-2019-2836=1 SUSE-SLE-SAP-12-SP3-2019-2837=1\nSUSE-SLE-SAP-12-SP3-2019-2838=1 SUSE-SLE-SAP-12-SP3-2019-2839=1\nSUSE-SLE-SAP-12-SP3-2019-2840=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2825=1 SUSE-SLE-SAP-12-SP2-2019-2826=1\nSUSE-SLE-SAP-12-SP2-2019-2827=1 SUSE-SLE-SAP-12-SP2-2019-2828=1\nSUSE-SLE-SAP-12-SP2-2019-2829=1 SUSE-SLE-SAP-12-SP2-2019-2830=1\nSUSE-SLE-SAP-12-SP2-2019-2831=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2822=1 SUSE-SLE-SAP-12-SP1-2019-2823=1\nSUSE-SLE-SAP-12-SP1-2019-2824=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2832=1 SUSE-SLE-SERVER-12-SP3-2019-2833=1\nSUSE-SLE-SERVER-12-SP3-2019-2834=1 SUSE-SLE-SERVER-12-SP3-2019-2835=1\nSUSE-SLE-SERVER-12-SP3-2019-2836=1 SUSE-SLE-SERVER-12-SP3-2019-2837=1\nSUSE-SLE-SERVER-12-SP3-2019-2838=1 SUSE-SLE-SERVER-12-SP3-2019-2839=1\nSUSE-SLE-SERVER-12-SP3-2019-2840=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2825=1 SUSE-SLE-SERVER-12-SP2-2019-2826=1\nSUSE-SLE-SERVER-12-SP2-2019-2827=1 SUSE-SLE-SERVER-12-SP2-2019-2828=1\nSUSE-SLE-SERVER-12-SP2-2019-2829=1 SUSE-SLE-SERVER-12-SP2-2019-2830=1\nSUSE-SLE-SERVER-12-SP2-2019-2831=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2822=1 SUSE-SLE-SERVER-12-SP1-2019-2823=1\nSUSE-SLE-SERVER-12-SP1-2019-2824=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2850=1\nSUSE-SLE-Module-Live-Patching-15-SP1-2019-2851=1\nSUSE-SLE-Module-Live-Patching-15-SP1-2019-2861=1\nSUSE-SLE-Module-Live-Patching-15-SP1-2019-2862=1\nSUSE-SLE-Module-Live-Patching-15-SP1-2019-2863=1\n\nSUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch\nSUSE-SLE-Module-Live-Patching-15-2019-2852=1\nSUSE-SLE-Module-Live-Patching-15-2019-2853=1\nSUSE-SLE-Module-Live-Patching-15-2019-2854=1\nSUSE-SLE-Module-Live-Patching-15-2019-2855=1\nSUSE-SLE-Module-Live-Patching-15-2019-2856=1\nSUSE-SLE-Module-Live-Patching-15-2019-2857=1\nSUSE-SLE-Module-Live-Patching-15-2019-2858=1\nSUSE-SLE-Module-Live-Patching-15-2019-2860=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-2841=1\nSUSE-SLE-Live-Patching-12-SP4-2019-2842=1\nSUSE-SLE-Live-Patching-12-SP4-2019-2843=1\nSUSE-SLE-Live-Patching-12-SP4-2019-2844=1\nSUSE-SLE-Live-Patching-12-SP4-2019-2845=1\nSUSE-SLE-Live-Patching-12-SP4-2019-2846=1\nSUSE-SLE-Live-Patching-12-SP4-2019-2847=1\nSUSE-SLE-Live-Patching-12-SP4-2019-2848=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_115-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_115-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_121-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_101-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_104-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_109-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_114-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_98-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_156-94_64-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_156-94_64-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_162-94_69-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_162-94_69-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_162-94_72-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_162-94_72-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_115-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_115-xen-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_118-default-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_118-xen-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_121-default-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_121-xen-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_156-94_64-default-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_156-94_64-default-debuginfo-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_162-94_69-default-7-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_162-94_69-default-debuginfo-7-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_162-94_72-default-7-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_162-94_72-default-debuginfo-7-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_175-94_79-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_175-94_79-default-debuginfo-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_176-94_88-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_176-94_88-default-debuginfo-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_178-94_91-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_178-94_91-default-debuginfo-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-debuginfo-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-debuginfo-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-debuginfo-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_101-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_104-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_109-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_114-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_117-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_120-default-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_98-default-8-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:45:59", "description": "This update for the Linux Kernel 3.12.74-60_64_124 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2019-15917: Fixed a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bsc#1156334).\n\nCVE-2019-17133: Fixed Buffer Overflow to reject long SSID IE in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c(bsc#1153161).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3237-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15917", "CVE-2019-17133"], "modified": "2019-12-16T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3237-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132003", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3237-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132003);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/16\");\n\n script_cve_id(\"CVE-2019-15917\", \"CVE-2019-17133\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3237-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.74-60_64_124 fixes several\nissues.\n\nThe following security issues were fixed :\n\nCVE-2019-15917: Fixed a use-after-free issue when\nhci_uart_register_dev() fails in hci_uart_set_proto() in\ndrivers/bluetooth/hci_ldisc.c (bsc#1156334).\n\nCVE-2019-17133: Fixed Buffer Overflow to reject long SSID IE in\ncfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c(bsc#1153161).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17133/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193237-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43ef0ca4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-3237=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-3237=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_124-default-2-2.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_124-xen-2-2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-05T15:45:37", "description": "According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic.\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow.\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c.\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c.\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c.\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service.\n\n - kernel: offset2lib allows for the stack guard page to be jumped over.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000371", "CVE-2019-15916", "CVE-2019-17055", "CVE-2019-17133", "CVE-2019-17666", "CVE-2020-10711", "CVE-2020-11565", "CVE-2020-8648"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2020-037.NASL", "href": "https://www.tenable.com/plugins/nessus/136804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136804);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2017-1000371\",\n \"CVE-2019-15916\",\n \"CVE-2019-17055\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2020-8648\",\n \"CVE-2020-10711\",\n \"CVE-2020-11565\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - Kernel: NetLabel: null pointer dereference while\n receiving CIPSO packet with null category may cause\n kernel panic.\n\n - kernel: rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel lacks a certain upper-bound check, leading to a\n buffer overflow.\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid\n in net/wireless/wext-sme.c.\n\n - kernel: out-of-bounds write in mpol_parse_str function\n in mm/mempolicy.c.\n\n - kernel: use-after-free in n_tty_receive_buf_common\n function in drivers/tty/n_tty.c.\n\n - kernel: unprivileged users able to create RAW sockets\n in AF_ISDN network protocol.\n\n - kernel: memory leak in register_queue_kobjects() in\n net/core/net-sysfs.c leads to denial of service.\n\n - kernel: offset2lib allows for the stack guard page to\n be jumped over.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2020-037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3757\",\n \"vzkernel-2.6.32-042stab144.1\",\n \"vzkernel-devel-2.6.32-042stab144.1\",\n \"vzkernel-firmware-2.6.32-042stab144.1\",\n \"vzmodules-2.6.32-042stab144.1\",\n \"vzmodules-devel-2.6.32-042stab144.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:35:02", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0653 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0653)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14816", "CVE-2019-14895", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.3:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0653.NASL", "href": "https://www.tenable.com/plugins/nessus/134259", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0653. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134259);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-17133\");\n script_xref(name:\"RHSA\", value:\"2020:0653\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0653)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0653 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.3')) audit(AUDIT_OS_NOT, 'Red Hat 7.3', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14816', 'CVE-2019-14895', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0653');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.3/x86_64/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.3/x86_64/os',\n 'content/aus/rhel/server/7/7.3/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.3/x86_64/debug',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.3/x86_64/os',\n 'content/tus/rhel/server/7/7.3/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-514.73.1.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.73.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-02T15:15:25", "description": "Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4211-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784", "CVE-2019-17075", "CVE-2019-17133"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4211-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4211-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131565);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-17075\", \"CVE-2019-17133\");\n script_xref(name:\"USN\", value:\"4211-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4211-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Zhipeng Xie discovered that an infinite loop could be triggered in the\nCFS Linux kernel process scheduler. A local attacker could possibly\nuse this to cause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux\nkernel did not properly validate SSID lengths. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the\nLinux kernel performed DMA from a kernel stack. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4211-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20784\", \"CVE-2019-17075\", \"CVE-2019-17133\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4211-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1063-kvm\", pkgver:\"4.4.0-1063.70\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1099-aws\", pkgver:\"4.4.0-1099.110\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1126-raspi2\", pkgver:\"4.4.0-1126.135\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1130-snapdragon\", pkgver:\"4.4.0-1130.138\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-generic\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-generic-lpae\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-lowlatency\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1099.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1063.63\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1126.126\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1130.122\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.170.178\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:29:31", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0592 advisory.\n\n - kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-26T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0592)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20976", "CVE-2019-11085", "CVE-2019-14895", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.4:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0592.NASL", "href": "https://www.tenable.com/plugins/nessus/134064", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0592. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134064);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-20976\",\n \"CVE-2019-11085\",\n \"CVE-2019-14895\",\n \"CVE-2019-17133\"\n );\n script_bugtraq_id(108488);\n script_xref(name:\"RHSA\", value:\"2020:0592\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0592)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0592 advisory.\n\n - kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege\n escalation (CVE-2019-11085)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1710405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 122, 250, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-20976', 'CVE-2019-11085', 'CVE-2019-14895', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0592');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.64.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.64.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:36:02", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0609 advisory.\n\n - kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-02T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel-rt (RHSA-2020:0609)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20976", "CVE-2019-11085", "CVE-2019-14895", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-firmware:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-vanilla:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-vanilla-devel:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0609.NASL", "href": "https://www.tenable.com/plugins/nessus/134192", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0609. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134192);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-20976\",\n \"CVE-2019-11085\",\n \"CVE-2019-14895\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0609\");\n\n script_name(english:\"RHEL 6 : kernel-rt (RHSA-2020:0609)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0609 advisory.\n\n - kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege\n escalation (CVE-2019-11085)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1710405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 122, 250, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-20976', 'CVE-2019-11085', 'CVE-2019-14895', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0609');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-693.64.1.rt56.662.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-3.10.0-693.64.1.rt56.662.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-devel-3.10.0-693.64.1.rt56.662.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-devel-3.10.0-693.64.1.rt56.662.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-doc-3.10.0-693.64.1.rt56.662.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-firmware-3.10.0-693.64.1.rt56.662.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-3.10.0-693.64.1.rt56.662.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-devel-3.10.0-693.64.1.rt56.662.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-3.10.0-693.64.1.rt56.662.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-devel-3.10.0-693.64.1.rt56.662.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / kernel-rt-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:35:01", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0664 advisory.\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0664)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20856", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_eus:7.6:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0664.NASL", "href": "https://www.tenable.com/plugins/nessus/134262", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0664. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134262);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0664\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0664)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0664 advisory.\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-20856', 'CVE-2019-14816', 'CVE-2019-14895', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0664');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.46.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.46.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-05T15:24:45", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2019-2.0-0189", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20976", "CVE-2019-14821", "CVE-2019-16746", "CVE-2019-17133"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0189_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/132539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0189. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132539);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\n \"CVE-2018-20976\",\n \"CVE-2019-14821\",\n \"CVE-2019-16746\",\n \"CVE-2019-17133\"\n );\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2019-2.0-0189\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-189.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-debuginfo-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-devel-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-docs-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-drivers-gpu-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-oprofile-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-sound-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-debuginfo-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-devel-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-docs-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-debuginfo-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-debuginfo-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-devel-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-docs-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-lkcm-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-sound-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-tools-4.9.201-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:58:38", "description": "The SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 (bnc#1117665 1152505 1155812 1155817 1155945) CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 (bnc#1139073 1152497 1152505 1152506). CVE-2019-18805: There was a signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6 (bnc#1156187).\n\nCVE-2019-17055: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782).\n\nCVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685).\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16995", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18805"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2953-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130951", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2953-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130951);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16995\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18805\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit\na race condition in the Instruction Fetch Unit of the Intel CPU to\ncause a Machine Exception during Page Size Change, causing the CPU\ncore to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size\nchanges in executable pages by splitting / merging huge pages into\nsmall pages as More information can be found on\nhttps://www.suse.com/support/kb/doc/?id=7023735 (bnc#1117665 1152505\n1155812 1155817 1155945) CVE-2019-11135: Aborting an asynchronous TSX\noperation on Intel CPUs with Transactional Memory support could be\nused to facilitate sidechannel information leaks out of\nmicroarchitectural buffers, similar to the previously described\n'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable\nTSX operation altogether (requiring CPU Microcode updates on\nolder systems) and better flushing of microarchitectural\nbuffers (VERW).\n\nThe set of options available is described in our TID at\nhttps://www.suse.com/support/kb/doc/?id=7024251 (bnc#1139073\n1152497 1152505 1152506). CVE-2019-18805: There was a signed\ninteger overflow in tcp_ack_update_rtt() when userspace\nwrites a very large integer to\n/proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of\nservice or possibly unspecified other impact, aka\nCID-19fad20d15a6 (bnc#1156187).\n\nCVE-2019-17055: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bnc#1152782).\n\nCVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if\nhsr_add_port failed to add a port, which may have caused denial of\nservice (bsc#1152685).\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the\nalloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code\n(bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the\nMarwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID\nIE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bsc#1152788).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=919448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=987367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=998153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16995/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17055/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7023735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7024251\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6873dc02\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2953=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-6.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:35:21", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0661 advisory.\n\n - kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0661)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20976", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_aus:7.2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0661.NASL", "href": "https://www.tenable.com/plugins/nessus/134260", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0661. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134260);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-20976\",\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0661\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0661)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0661 advisory.\n\n - kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.2')) audit(AUDIT_OS_NOT, 'Red Hat 7.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-20976', 'CVE-2019-14816', 'CVE-2019-14895', 'CVE-2019-17133', 'CVE-2019-17666');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0661');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.2/x86_64/debug',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.2/x86_64/os',\n 'content/aus/rhel/server/7/7.2/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-327.85.1.el7', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-327.85.1.el7', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:32:13", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path.\n (CVE-2019-14816)\n\n - A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - No description is available for this CVE.\n (CVE-2019-14898)\n\n - A heap overflow flaw was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. (CVE-2019-14901)\n\n - A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code.\n (CVE-2019-17133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0014)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0014_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/135762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0014. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135762);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0014)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - A vulnerability was found in the Linux kernel's Marvell\n WiFi chip driver. Where, while parsing vendor-specific\n informational attributes, an attacker on the same WiFi\n physical network segment could cause a system crash,\n resulting in a denial of service, or potentially execute\n arbitrary code. This flaw affects the network interface\n at the most basic level meaning the attacker only needs\n to affiliate with the same network device as the\n vulnerable system to create an attack path.\n (CVE-2019-14816)\n\n - A heap-based buffer overflow was discovered in the Linux\n kernel's Marvell WiFi chip driver. The flaw could occur\n when the station attempts a connection negotiation\n during the handling of the remote devices country\n settings. This could allow the remote device to cause a\n denial of service (system crash) or possibly execute\n arbitrary code. (CVE-2019-14895)\n\n - No description is available for this CVE.\n (CVE-2019-14898)\n\n - A heap overflow flaw was found in the Linux kernel's\n Marvell WiFi chip driver. The vulnerability allows a\n remote attacker to cause a system crash, resulting in a\n denial of service, or execute arbitrary code. The\n highest threat with this vulnerability is with the\n availability of the system. If code execution occurs,\n the code will run with the permissions of root. This\n will affect both confidentiality and integrity of files\n on the system. (CVE-2019-14901)\n\n - A vulnerability was found in the Linux kernel's generic\n WiFi ESSID handling implementation. The flaw allows a\n system to join a wireless network where the ESSID is\n longer than the maximum length of 32 characters, which\n can cause the system to crash or execute code.\n (CVE-2019-17133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.30.404.g206c005\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:29:58", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2019-14816)\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.\n (CVE-2019-14901)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-08T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0010)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0010_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/134320", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0010. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134320);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0010)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - There is heap-based buffer overflow in kernel, all\n versions up to, excluding 5.3, in the marvell wifi chip\n driver in Linux kernel, that allows local users to cause\n a denial of service(system crash) or possibly execute\n arbitrary code. (CVE-2019-14816)\n\n - A heap-based buffer overflow was discovered in the Linux\n kernel, all versions 3.x.x and 4.x.x before 4.18.0, in\n Marvell WiFi chip driver. The flaw could occur when the\n station attempts a connection negotiation during the\n handling of the remote devices country settings. This\n could allow the remote device to cause a denial of\n service (system crash) or possibly execute arbitrary\n code. (CVE-2019-14895)\n\n - A heap overflow flaw was found in the Linux kernel, all\n versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi\n chip driver. The vulnerability allows a remote attacker\n to cause a system crash, resulting in a denial of\n service, or execute arbitrary code. The highest threat\n with this vulnerability is with the availability of the\n system. If code execution occurs, the code will run with\n the permissions of root. This will affect both\n confidentiality and integrity of files on the system.\n (CVE-2019-14901)\n\n - In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow. (CVE-2019-17133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0010\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.569.gabd82ea.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.34.565.g2ffb389\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:44:31", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c lacked a certain upper-bound check, leading to a buffer overflow (bnc#1154372).\n\n - CVE-2019-16232:\n drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465).\n\n - CVE-2019-16234:\n drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452).\n\n - CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158).\n\n - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788).\n\nThe following non-security bugs were fixed :\n\n - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510).\n\n - ACPI / CPPC: do not require the _PSD method (bsc#1051510).\n\n - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510).\n\n - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510).\n\n - act_mirred: Fix mirred_init_module error handling (bsc#1051510).\n\n - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file.\n\n - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510).\n\n - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510).\n\n - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510).\n\n - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510).\n\n - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510).\n\n - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510).\n\n - ALSA: hda: Flush interrupts on disabling (bsc#1051510).\n\n - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510).\n\n - ALSA: hda - Inform too slow responses (bsc#1051510).\n\n - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510).\n\n - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510).\n\n - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510).\n\n - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510).\n\n - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510).\n\n - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510).\n\n - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510).\n\n - ALSA: i2c: ak4xxx-adda: Fix a possible NULL pointer dereference in build_adc_controls() (bsc#1051510).\n\n - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510).\n\n - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510).\n\n - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510).\n\n - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510).\n\n - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510).\n\n - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510).\n\n - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510).\n\n - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).\n\n - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510).\n\n - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510).\n\n - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - blacklist 'signal: Correct namespace fixups of si_pid and si_uid' (bsc#1142667)\n\n - blk-wbt: abstract out end IO completion handler (bsc#1135873).\n\n - blk-wbt: fix has-sleeper queueing check (bsc#1135873).\n\n - blk-wbt: improve waking of tasks (bsc#1135873).\n\n - blk-wbt: move disable check into get_limit() (bsc#1135873).\n\n - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout handler (bsc#1148410).\n\n - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510).\n\n - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ).\n\n - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15).\n\n - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646).\n\n - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713).\n\n - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651).\n\n - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607).\n\n - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651).\n\n - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510).\n\n - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510).\n\n - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15).\n\n - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510).\n\n - ceph: fix directories inode i_blkbits initialization (bsc#1153717).\n\n - ceph: reconnect connection if session hang in opening state (bsc#1153718).\n\n - ceph: update the mtime when truncating up (bsc#1153719).\n\n - cfg80211: add and use strongly typed element iteration macros (bsc#1051510).\n\n - cfg80211: Purge frame registrations on iftype change (bsc#1051510).\n\n - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510).\n\n - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).\n\n - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510).\n\n - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510).\n\n - crypto: talitos - fix missing break in switch statement (bsc#1142635).\n\n - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129).\n\n - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129).\n\n - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513).\n\n - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).\n\n - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129).\n\n - dasd_fba: Display '00000000' for zero page when dumping sense\n\n - /dev/mem: Bail out upon SIGKILL (git-fixes).\n\n - drm/amdgpu: Check for valid number of registers to read (bsc#1051510).\n\n - drm/amdgpu/si: fix ASIC tests (git-fixes).\n\n - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510).\n\n - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510).\n\n - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510).\n\n - drm: Flush output polling on shutdown (bsc#1051510).\n\n - drm/msm/dsi: Implement reset correctly (bsc#1051510).\n\n - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510).\n\n - drm/radeon: Fix EEH during kexec (bsc#1051510).\n\n - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510).\n\n - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510).\n\n - e1000e: add workaround for possible stalled packet (bsc#1051510).\n\n - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes).\n\n - Fix AMD IOMMU kABI (bsc#1154610).\n\n - Fix KVM kABI after x86 mmu backports (bsc#1117665).\n\n - gpu: drm: radeon: Fix a possible NULL pointer dereference in radeon_connector_set_property() (bsc#1051510).\n\n - HID: apple: Fix stuck function keys when using FN (bsc#1051510).\n\n - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510).\n\n - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510).\n\n - HID: prodikeys: Fix general protection fault during probe (bsc#1051510).\n\n - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510).\n\n - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510).\n\n - hwrng: core - do not wait on add_early_randomness() (git-fixes).\n\n - i2c: riic: Clear NACK in tend isr (bsc#1051510).\n\n - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108)\n\n - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449).\n\n - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205).\n\n - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205).\n\n - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305).\n\n - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510).\n\n - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - iio: adc: ad799x: fix probe error handling (bsc#1051510).\n\n - iio: light: opt3001: fix mutex unlock race (bsc#1051510).\n\n - ima: always return negative code for error (bsc#1051510).\n\n - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510).\n\n - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799).\n\n - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608).\n\n - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799).\n\n - iommu/amd: Remove domain->updated (bsc#1154610).\n\n - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611).\n\n - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510).\n\n - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).\n\n - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674).\n\n - ixgbe: sync the first fragment unconditionally (bsc#1133140).\n\n - kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).\n\n - kabi/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code.\n\n - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510).\n\n - kernel-binary: Drop .kernel-binary.spec.buildenv (boo#1154578).\n\n - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578).\n\n - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case.\n\n - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875).\n\n - kvm: Convert kvm_lock to a mutex (bsc#1117665).\n\n - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665).\n\n - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840).\n\n - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665).\n\n - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665).\n\n - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665).\n\n - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665).\n\n - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665).\n\n - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665).\n\n - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665).\n\n - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510).\n\n - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).\n\n - mac80211: accept deauth frames in IBSS mode (bsc#1051510).\n\n - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510).\n\n - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642).\n\n - media: cpia2_usb: fix memory leaks (bsc#1051510).\n\n - media: dvb-core: fix a memory leak bug (bsc#1051510).\n\n - media: exynos4-is: fix leaked of_node references (bsc#1051510).\n\n - media: gspca: zero usb_buf on error (bsc#1051510).\n\n - media: hdpvr: Add device num check and handling (bsc#1051510).\n\n - media: hdpvr: add terminating 0 at end of string (bsc#1051510).\n\n - media: i2c: ov5645: Fix power sequence (bsc#1051510).\n\n - media: iguanair: add sanity checks (bsc#1051510).\n\n - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510).\n\n - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510).\n\n - media: ov9650: add a sanity check (bsc#1051510).\n\n - media: radio/si470x: kill urb on error (bsc#1051510).\n\n - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).\n\n - media: saa7146: add cleanup in hexium_attach() (bsc#1051510).\n\n - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510).\n\n - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510).\n\n - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510).\n\n - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510).\n\n - mfd: intel-lpss: Remove D3cold delay (bsc#1051510).\n\n - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05).\n\n - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510).\n\n - mmc: sdhci: improve ADMA error reporting (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510).\n\n - net: Fix null de-reference of device refcount (networking-stable-19_09_15).\n\n - net: fix skb use after free in netpoll (networking-stable-19_09_05).\n\n - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15).\n\n - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).\n\n - net/mlx4_en: fix a memory leak bug (bsc#1046299).\n\n - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ).\n\n - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ).\n\n - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).\n\n - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05).\n\n - nfc: fix attrs checks in netlink interface (bsc#1051510).\n\n - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510).\n\n - nfc: pn533: fix use-after-free and memleaks (bsc#1051510).\n\n - objtool: Clobber user CFLAGS variable (bsc#1153236).\n\n - PCI: Correct pci=resource_alignment parameter example (bsc#1051510).\n\n - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).\n\n - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263).\n\n - PCI: PM: Fix pci_power_up() (bsc#1051510).\n\n - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510).\n\n - platform/x86: classmate-laptop: remove unused variable (bsc#1051510).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510).\n\n - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186).\n\n - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186).\n\n - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186).\n\n - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).\n\n - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186).\n\n - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186).\n\n - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186).\n\n - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186).\n\n - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186).\n\n - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778).\n\n - powerpc/pseries: Remove confusing warning message (bsc#1109158).\n\n - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778).\n\n - power: supply: sysfs: ratelimit property read error message (bsc#1051510).\n\n - Pull packaging cleanup from mkubecek.\n\n - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545).\n\n - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244).\n\n - RDMA: Fix goto target to release the allocated memory (bsc#1050244).\n\n - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635).\n\n - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15).\n\n - scripts/arch-symbols: add missing link.\n\n - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845).\n\n - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883).\n\n - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).\n\n - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291).\n\n - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291).\n\n - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729).\n\n - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15).\n\n - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15).\n\n - Sign non-x86 kernels when possible (boo#1134303)\n\n - sock_diag: fix autoloading of the raw_diag module (bsc#1152791).\n\n - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791).\n\n - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510).\n\n - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes).\n\n - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15).\n\n - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05).\n\n - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05).\n\n - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510).\n\n - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510).\n\n - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15).\n\n - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508).\n\n - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15).\n\n - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099).\n\n - Update patches.suse/NFSv4-Check-the-return-value-of-update_open\n _stateid.patch (boo#1154189 bsc#1154747).\n\n - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635).\n\n - usb: adutux: fix use-after-free on disconnect (bsc#1142635).\n\n - usb: adutux: fix use-after-free on release (bsc#1051510).\n\n - usb: chaoskey: fix use-after-free on release (bsc#1051510).\n\n - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on release (bsc#1051510).\n\n - usb: legousbtower: fix deadlock on disconnect (bsc#1142635).\n\n - usb: legousbtower: fix open after failed reset request (bsc#1142635).\n\n - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635).\n\n - usb: legousbtower: fix slab info leak at probe (bsc#1142635).\n\n - usb: legousbtower: fix use-after-free on release (bsc#1051510).\n\n - usb: microtek: fix info-leak at probe (bsc#1142635).\n\n - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510).\n\n - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510).\n\n - usb: serial: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510).\n\n - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510).\n\n - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510).\n\n - usb: serial: option: add Telit FN980 compositions (bsc#1051510).\n\n - usb: usblcd: fix I/O after disconnect (bsc#1142635).\n\n - usb: usblp: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510).\n\n - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510).\n\n - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510).\n\n - usb: yurex: Do not retry on unexpected errors (bsc#1051510).\n\n - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510).\n\n - vfio_pci: Restore original state on release (bsc#1051510).\n\n - vhost_net: conditionally enable tx polling (bsc#1145099).\n\n - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510).\n\n - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510).\n\n - x86/asm: Fix MWAITX C-state hint value (bsc#1114279).\n\n - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279).\n\n - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600).\n\n - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811).\n\n - xhci: Check all endpoints for LPM timeout (bsc#1051510).\n\n - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510).\n\n - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510).\n\n - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-2392)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16232", "CVE-2019-16234", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2392.NASL", "href": "https://www.tenable.com/plugins/nessus/130338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130338);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-16232\", \"CVE-2019-16234\", \"CVE-2019-17056\", \"CVE-2019-17133\", \"CVE-2019-17666\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2392)\");\n script_summary(english:\"Check for the openSUSE-2019-2392 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-17666: rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c lacked a\n certain upper-bound check, leading to a buffer overflow\n (bnc#1154372).\n\n - CVE-2019-16232:\n drivers/net/wireless/marvell/libertas/if_sdio.c did not\n check the alloc_workqueue return value, leading to a\n NULL pointer dereference (bnc#1150465).\n\n - CVE-2019-16234:\n drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not\n check the alloc_workqueue return value, leading to a\n NULL pointer dereference (bnc#1150452).\n\n - CVE-2019-17133: cfg80211_mgd_wext_giwessid in\n net/wireless/wext-sme.c did not reject a long SSID IE,\n leading to a Buffer Overflow (bnc#1153158).\n\n - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c\n in the AF_NFC network module did not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka CID-3a359798b176 (bnc#1152788).\n\nThe following non-security bugs were fixed :\n\n - 9p: avoid attaching writeback_fid on mmap with type\n PRIVATE (bsc#1051510).\n\n - ACPI / CPPC: do not require the _PSD method\n (bsc#1051510).\n\n - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in\n acpi_cppc_processor_exit() (bsc#1051510).\n\n - ACPI / processor: do not print errors for processorIDs\n == 0xff (bsc#1051510).\n\n - act_mirred: Fix mirred_init_module error handling\n (bsc#1051510).\n\n - Add kernel module compression support (bsc#1135854) For\n enabling the kernel module compress, add the item\n COMPRESS_MODULES='xz' in config.sh, then mkspec will\n pass it to the spec file.\n\n - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop\n (bsc#1051510).\n\n - ALSA: hda: Add support of Zhaoxin controller\n (bsc#1051510).\n\n - ALSA: hda - Apply AMD controller workaround for Raven\n platform (bsc#1051510).\n\n - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269\n family (bsc#1051510).\n\n - ALSA: hda - Drop unsol event handler for Intel HDMI\n codecs (bsc#1051510).\n\n - ALSA: hda - Expand pin_match function to match upcoming\n new tbls (bsc#1051510).\n\n - ALSA: hda: Flush interrupts on disabling (bsc#1051510).\n\n - ALSA: hda/hdmi: remove redundant assignment to variable\n pcm_idx (bsc#1051510).\n\n - ALSA: hda - Inform too slow responses (bsc#1051510).\n\n - ALSA: hda/realtek - Blacklist PC beep for Lenovo\n ThinkCentre M73/93 (bsc#1051510).\n\n - ALSA: hda/realtek - Check beep whitelist before\n assigning in all codecs (bsc#1051510).\n\n - ALSA: hda/realtek - Fix alienware headset mic\n (bsc#1051510).\n\n - ALSA: hda/realtek: Reduce the Headphone static noise on\n XPS 9350/9360 (bsc#1051510).\n\n - ALSA: hda: Set fifo_size for both playback and capture\n streams (bsc#1051510).\n\n - ALSA: hda - Show the fatal CORB/RIRB error more clearly\n (bsc#1051510).\n\n - ALSA: hda/sigmatel - remove unused variable\n 'stac9200_core_init' (bsc#1051510).\n\n - ALSA: i2c: ak4xxx-adda: Fix a possible NULL pointer\n dereference in build_adc_controls() (bsc#1051510).\n\n - ALSA: line6: sizeof (byte) is always 1, use that fact\n (bsc#1051510).\n\n - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck\n (bsc#1051510).\n\n - ALSA: usb-audio: Disable quirks for BOSS Katana\n amplifiers (bsc#1051510).\n\n - ALSA: usb-audio: Skip bSynchAddress endpoint check if it\n is invalid (bsc#1051510).\n\n - appletalk: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - ASoC: Define a set of DAPM pre/post-up events\n (bsc#1051510).\n\n - ASoC: dmaengine: Make the pcm->name equal to pcm->id if\n the name is not set (bsc#1051510).\n\n - ASoC: Intel: Fix use of potentially uninitialized\n variable (bsc#1051510).\n\n - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).\n\n - ASoC: sgtl5000: Fix charge pump source assignment\n (bsc#1051510).\n\n - auxdisplay: panel: need to delete scan_timer when\n misc_register fails in panel_attach (bsc#1051510).\n\n - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - blacklist 'signal: Correct namespace fixups of si_pid\n and si_uid' (bsc#1142667)\n\n - blk-wbt: abstract out end IO completion handler\n (bsc#1135873).\n\n - blk-wbt: fix has-sleeper queueing check (bsc#1135873).\n\n - blk-wbt: improve waking of tasks (bsc#1135873).\n\n - blk-wbt: move disable check into get_limit()\n (bsc#1135873).\n\n - blk-wbt: use wq_has_sleeper() for wq active check\n (bsc#1135873).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout\n handler (bsc#1148410).\n\n - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth\n devices (bsc#1051510).\n\n - bnx2x: Fix VF's VLAN reconfiguration in reload\n (bsc#1086323 ).\n\n - bridge/mdb: remove wrong use of NLM_F_MULTI\n (networking-stable-19_09_15).\n\n - btrfs: bail out gracefully rather than BUG_ON\n (bsc#1153646).\n\n - btrfs: check for the full sync flag while holding the\n inode lock during fsync (bsc#1153713).\n\n - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to\n date values (bsc#1154651).\n\n - btrfs: Ensure replaced device does not have pending\n chunk allocation (bsc#1154607).\n\n - btrfs: remove wrong use of volume_mutex from\n btrfs_dev_replace_start (bsc#1154651).\n\n - can: mcp251x: mcp251x_hw_reset(): allow more time after\n a reset (bsc#1051510).\n\n - can: xilinx_can: xcan_probe(): skip error message on\n deferred probe (bsc#1051510).\n\n - cdc_ether: fix rndis support for Mediatek based\n smartphones (networking-stable-19_09_15).\n\n - cdc_ncm: fix divide-by-zero caused by invalid\n wMaxPacketSize (bsc#1051510).\n\n - ceph: fix directories inode i_blkbits initialization\n (bsc#1153717).\n\n - ceph: reconnect connection if session hang in opening\n state (bsc#1153718).\n\n - ceph: update the mtime when truncating up (bsc#1153719).\n\n - cfg80211: add and use strongly typed element iteration\n macros (bsc#1051510).\n\n - cfg80211: Purge frame registrations on iftype change\n (bsc#1051510).\n\n - clk: at91: select parent if main oscillator or bypass is\n enabled (bsc#1051510).\n\n - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).\n\n - clk: sirf: Do not reference clk_init_data after\n registration (bsc#1051510).\n\n - clk: zx296718: Do not reference clk_init_data after\n registration (bsc#1051510).\n\n - crypto: talitos - fix missing break in switch statement\n (bsc#1142635).\n\n - cxgb4: fix endianness for vlan value in cxgb4_tc_flower\n (bsc#1064802 bsc#1066129).\n\n - cxgb4: offload VLAN flows regardless of VLAN ethtype\n (bsc#1064802 bsc#1066129).\n\n - cxgb4: reduce kernel stack usage in\n cudbg_collect_mem_region() (bsc#1073513).\n\n - cxgb4: Signedness bug in init_one() (bsc#1097585\n bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583\n bsc#1097584).\n\n - cxgb4: smt: Add lock for atomic_dec_and_test\n (bsc#1064802 bsc#1066129).\n\n - dasd_fba: Display '00000000' for zero page when dumping\n sense\n\n - /dev/mem: Bail out upon SIGKILL (git-fixes).\n\n - drm/amdgpu: Check for valid number of registers to read\n (bsc#1051510).\n\n - drm/amdgpu/si: fix ASIC tests (git-fixes).\n\n - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)\n (bsc#1051510).\n\n - drm/ast: Fixed reboot test may cause system hanged\n (bsc#1051510).\n\n - drm/bridge: tc358767: Increase AUX transfer length limit\n (bsc#1051510).\n\n - drm: Flush output polling on shutdown (bsc#1051510).\n\n - drm/msm/dsi: Implement reset correctly (bsc#1051510).\n\n - drm/panel: simple: fix AUO g185han01 horizontal blanking\n (bsc#1051510).\n\n - drm/radeon: Fix EEH during kexec (bsc#1051510).\n\n - drm/tilcdc: Register cpufreq notifier after we have\n initialized crtc (bsc#1051510).\n\n - drm/vmwgfx: Fix double free in vmw_recv_msg()\n (bsc#1051510).\n\n - e1000e: add workaround for possible stalled packet\n (bsc#1051510).\n\n - firmware: dmi: Fix unlikely out-of-bounds read in\n save_mem_devices (git-fixes).\n\n - Fix AMD IOMMU kABI (bsc#1154610).\n\n - Fix KVM kABI after x86 mmu backports (bsc#1117665).\n\n - gpu: drm: radeon: Fix a possible NULL pointer\n dereference in radeon_connector_set_property()\n (bsc#1051510).\n\n - HID: apple: Fix stuck function keys when using FN\n (bsc#1051510).\n\n - HID: hidraw: Fix invalid read in hidraw_ioctl\n (bsc#1051510).\n\n - HID: logitech: Fix general protection fault caused by\n Logitech driver (bsc#1051510).\n\n - HID: prodikeys: Fix general protection fault during\n probe (bsc#1051510).\n\n - HID: sony: Fix memory corruption issue on cleanup\n (bsc#1051510).\n\n - hwmon: (acpi_power_meter) Change log level for 'unsafe\n software power cap' (bsc#1051510).\n\n - hwrng: core - do not wait on add_early_randomness()\n (git-fixes).\n\n - i2c: riic: Clear NACK in tend isr (bsc#1051510).\n\n - IB/core, ipoib: Do not overreact to SM LID change event\n (bsc#1154108)\n\n - IB/hfi1: Remove overly conservative VM_EXEC flag check\n (bsc#1144449).\n\n - IB/mlx5: Consolidate use_umr checks into single function\n (bsc#1093205).\n\n - IB/mlx5: Fix MR re-registration flow to use UMR properly\n (bsc#1093205).\n\n - IB/mlx5: Report correctly tag matching rendezvous\n capability (bsc#1046305).\n\n - ieee802154: atusb: fix use-after-free at disconnect\n (bsc#1051510).\n\n - ieee802154: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - iio: adc: ad799x: fix probe error handling\n (bsc#1051510).\n\n - iio: light: opt3001: fix mutex unlock race\n (bsc#1051510).\n\n - ima: always return negative code for error\n (bsc#1051510).\n\n - Input: da9063 - fix capability and drop KEY_SLEEP\n (bsc#1051510).\n\n - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer\n Aspire A315-41 (bsc#1137799).\n\n - iommu/amd: Check PM_LEVEL_SIZE() condition in locked\n section (bsc#1154608).\n\n - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge\n systems (bsc#1137799).\n\n - iommu/amd: Remove domain->updated (bsc#1154610).\n\n - iommu/amd: Wait for completion of IOTLB flush in\n attach_device (bsc#1154611).\n\n - ipmi_si: Only schedule continuously in the thread in\n maintenance mode (bsc#1051510).\n\n - ipv6: Fix the link time qualifier of\n 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).\n\n - ixgbe: Prevent u8 wrapping of ITR value to something\n less than 10us (bsc#1101674).\n\n - ixgbe: sync the first fragment unconditionally\n (bsc#1133140).\n\n - kabi: net: sched: act_sample: fix psample group handling\n on overwrite (networking-stable-19_09_05).\n\n - kabi/severities: Whitelist functions internal to radix\n mm. To call these functions you have to first detect if\n you are running in radix mm mode which can't be expected\n of OOT code.\n\n - kABI workaround for snd_hda_pick_pin_fixup() changes\n (bsc#1051510).\n\n - kernel-binary: Drop .kernel-binary.spec.buildenv\n (boo#1154578).\n\n - kernel-binary.spec.in: Fix build of non-modular kernels\n (boo#1154578).\n\n - kernel-subpackage-build: create zero size ghost for\n uncompressed vmlinux (bsc#1154354). It is not strictly\n necessary to uncompress it so maybe the ghost file can\n be 0 size in this case.\n\n - kernel/sysctl.c: do not override max_threads provided by\n userspace (bnc#1150875).\n\n - kvm: Convert kvm_lock to a mutex (bsc#1117665).\n\n - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665).\n\n - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing\n host_ipi flag (bsc#1061840).\n\n - kvm: x86: add tracepoints around __direct_map and\n FNAME(fetch) (bsc#1117665).\n\n - kvm: x86: adjust kvm_mmu_page member to save 8 bytes\n (bsc#1117665).\n\n - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON\n (bsc#1117665).\n\n - kvm: x86: Do not release the page inside mmu_set_spte()\n (bsc#1117665).\n\n - kvm: x86: make FNAME(fetch) and __direct_map more\n similar (bsc#1117665).\n\n - kvm: x86, powerpc: do not allow clearing largepages\n debugfs entry (bsc#1117665).\n\n - kvm: x86: remove now unneeded hugepage gfn adjustment\n (bsc#1117665).\n\n - libertas: Add missing sentinel at end of if_usb.c\n fw_table (bsc#1051510).\n\n - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).\n\n - mac80211: accept deauth frames in IBSS mode\n (bsc#1051510).\n\n - macsec: drop skb sk before calling gro_cells_receive\n (bsc#1051510).\n\n - media: atmel: atmel-isc: fix asd memory allocation\n (bsc#1135642).\n\n - media: cpia2_usb: fix memory leaks (bsc#1051510).\n\n - media: dvb-core: fix a memory leak bug (bsc#1051510).\n\n - media: exynos4-is: fix leaked of_node references\n (bsc#1051510).\n\n - media: gspca: zero usb_buf on error (bsc#1051510).\n\n - media: hdpvr: Add device num check and handling\n (bsc#1051510).\n\n - media: hdpvr: add terminating 0 at end of string\n (bsc#1051510).\n\n - media: i2c: ov5645: Fix power sequence (bsc#1051510).\n\n - media: iguanair: add sanity checks (bsc#1051510).\n\n - media: omap3isp: Do not set streaming state on random\n subdevs (bsc#1051510).\n\n - media: omap3isp: Set device on omap3isp subdevs\n (bsc#1051510).\n\n - media: ov9650: add a sanity check (bsc#1051510).\n\n - media: radio/si470x: kill urb on error (bsc#1051510).\n\n - media: saa7134: fix terminology around\n saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).\n\n - media: saa7146: add cleanup in hexium_attach()\n (bsc#1051510).\n\n - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table\n (bsc#1051510).\n\n - media: stkwebcam: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - media: ttusb-dec: Fix info-leak in\n ttusb_dec_send_command() (bsc#1051510).\n\n - memstick: jmb38x_ms: Fix an error handling path in\n 'jmb38x_ms_probe()' (bsc#1051510).\n\n - mfd: intel-lpss: Remove D3cold delay (bsc#1051510).\n\n - mISDN: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - mld: fix memory leak in mld_del_delrec()\n (networking-stable-19_09_05).\n\n - mmc: sdhci: Fix incorrect switch to HS mode\n (bsc#1051510).\n\n - mmc: sdhci: improve ADMA error reporting (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: set DMA snooping based on DMA\n coherence (bsc#1051510).\n\n - net: Fix null de-reference of device refcount\n (networking-stable-19_09_15).\n\n - net: fix skb use after free in netpoll\n (networking-stable-19_09_05).\n\n - net: gso: Fix skb_segment splat when splitting gso_size\n mangled skb having linear-headed frag_list\n (networking-stable-19_09_15).\n\n - net/ibmvnic: Fix EOI when running in XIVE mode\n (bsc#1089644, ltc#166495, ltc#165544, git-fixes).\n\n - net/mlx4_en: fix a memory leak bug (bsc#1046299).\n\n - net/mlx5: Add device ID of upcoming BlueField-2\n (bsc#1046303 ).\n\n - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305\n ).\n\n - net: sched: act_sample: fix psample group handling on\n overwrite (networking-stable-19_09_05).\n\n - net: stmmac: dwmac-rk: Do not fail if phy regulator is\n absent (networking-stable-19_09_05).\n\n - nfc: fix attrs checks in netlink interface\n (bsc#1051510).\n\n - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510).\n\n - nfc: pn533: fix use-after-free and memleaks\n (bsc#1051510).\n\n - objtool: Clobber user CFLAGS variable (bsc#1153236).\n\n - PCI: Correct pci=resource_alignment parameter example\n (bsc#1051510).\n\n - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).\n\n - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI\n domain numbers (bsc#1153263).\n\n - PCI: PM: Fix pci_power_up() (bsc#1051510).\n\n - pinctrl: tegra: Fix write barrier placement in\n pmx_writel (bsc#1051510).\n\n - platform/x86: classmate-laptop: remove unused variable\n (bsc#1051510).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to\n critclk_systems DMI table (bsc#1051510).\n\n - powerpc/64s/pseries: radix flush translations before MMU\n is enabled at boot (bsc#1055186).\n\n - powerpc/64s/radix: keep kernel ERAT over local\n process/guest invalidates (bsc#1055186).\n\n - powerpc/64s/radix: tidy up TLB flushing code\n (bsc#1055186).\n\n - powerpc/64s: Rename PPC_INVALIDATE_ERAT to\n PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).\n\n - powerpc/mm/book3s64: Move book3s64 code to\n pgtable-book3s64 (bsc#1055186).\n\n - powerpc/mm: mark more tlb functions as __always_inline\n (bsc#1055186).\n\n - powerpc/mm: Properly invalidate when setting process\n table base (bsc#1055186).\n\n - powerpc/mm/radix: mark as __tlbie_pid() and friends\n as__always_inline (bsc#1055186).\n\n - powerpc/mm/radix: mark __radix__flush_tlb_range_psize()\n as __always_inline (bsc#1055186).\n\n - powerpc/pseries/mobility: use cond_resched when updating\n device tree (bsc#1153112 ltc#181778).\n\n - powerpc/pseries: Remove confusing warning message\n (bsc#1109158).\n\n - powerpc/rtas: allow rescheduling while changing cpu\n states (bsc#1153112 ltc#181778).\n\n - power: supply: sysfs: ratelimit property read error\n message (bsc#1051510).\n\n - Pull packaging cleanup from mkubecek.\n\n - qed: iWARP - Fix default window size to be based on chip\n (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536\n bsc#1050545).\n\n - qed: iWARP - fix uninitialized callback (bsc#1050536\n bsc#1050545).\n\n - qed: iWARP - Use READ_ONCE and smp_store_release to\n access ep->state (bsc#1050536 bsc#1050545).\n\n - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' ->\n 'missing_resp' (bsc#1050244).\n\n - RDMA: Fix goto target to release the allocated memory\n (bsc#1050244).\n\n - rtlwifi: rtl8192cu: Fix value set in descriptor\n (bsc#1142635).\n\n - sch_hhf: ensure quantum and hhf_non_hh_weight are\n non-zero (networking-stable-19_09_15).\n\n - scripts/arch-symbols: add missing link.\n\n - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo\n via sysfs attribute (bsc#1140845).\n\n - scsi: lpfc: Fix propagation of devloss_tmo setting to\n nvme transport (bsc#1140883).\n\n - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).\n\n - scsi: qedf: fc_rport_priv reference counting fixes\n (bsc#1098291).\n\n - scsi: qedf: Modify abort and tmf handler to handle edge\n condition and flush (bsc#1098291).\n\n - scsi: storvsc: setup 1:1 mapping between hardware queue\n and CPU queue (bsc#1140729).\n\n - sctp: Fix the link time qualifier of\n 'sctp_ctrlsock_exit()' (networking-stable-19_09_15).\n\n - sctp: use transport pf_retrans in\n sctp_do_8_2_transport_strike\n (networking-stable-19_09_15).\n\n - Sign non-x86 kernels when possible (boo#1134303)\n\n - sock_diag: fix autoloading of the raw_diag module\n (bsc#1152791).\n\n - sock_diag: request _diag module only when the family or\n proto has been registered (bsc#1152791).\n\n - staging: vt6655: Fix memory leak in vt6655_probe\n (bsc#1051510).\n\n - tcp: Do not dequeue SYN/FIN-segments from write-queue\n (git-gixes).\n\n - tcp: fix tcp_ecn_withdraw_cwr() to clear\n TCP_ECN_QUEUE_CWR (networking-stable-19_09_15).\n\n - tcp: inherit timestamp on mtu probe\n (networking-stable-19_09_05).\n\n - tcp: remove empty skb from write queue in error cases\n (networking-stable-19_09_05).\n\n - thermal: Fix use-after-free when unregistering thermal\n zone device (bsc#1051510).\n\n - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510).\n\n - tipc: add NULL pointer check before calling kfree_rcu\n (networking-stable-19_09_15).\n\n - tracing: Initialize iter->seq after zeroing in\n tracing_read_pipe() (bsc#1151508).\n\n - tun: fix use-after-free when register netdev failed\n (networking-stable-19_09_15).\n\n - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE\n (bsc#1145099).\n\n - Update\n patches.suse/NFSv4-Check-the-return-value-of-update_open\n _stateid.patch (boo#1154189 bsc#1154747).\n\n - usb: adutux: fix NULL-derefs on disconnect\n (bsc#1142635).\n\n - usb: adutux: fix use-after-free on disconnect\n (bsc#1142635).\n\n - usb: adutux: fix use-after-free on release\n (bsc#1051510).\n\n - usb: chaoskey: fix use-after-free on release\n (bsc#1051510).\n\n - usb: dummy-hcd: fix power budget for SuperSpeed mode\n (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free after driver unbind\n (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on disconnect\n (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on release\n (bsc#1051510).\n\n - usb: legousbtower: fix deadlock on disconnect\n (bsc#1142635).\n\n - usb: legousbtower: fix open after failed reset request\n (bsc#1142635).\n\n - usb: legousbtower: fix potential NULL-deref on\n disconnect (bsc#1142635).\n\n - usb: legousbtower: fix slab info leak at probe\n (bsc#1142635).\n\n - usb: legousbtower: fix use-after-free on release\n (bsc#1051510).\n\n - usb: microtek: fix info-leak at probe (bsc#1142635).\n\n - usbnet: ignore endpoints with invalid wMaxPacketSize\n (bsc#1051510).\n\n - usbnet: sanity checking of packet sizes and device mtu\n (bsc#1051510).\n\n - usb: serial: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - usb: serial: ftdi_sio: add device IDs for Sienna and\n Echelon PL-20 (bsc#1051510).\n\n - usb: serial: keyspan: fix NULL-derefs on open() and\n write() (bsc#1051510).\n\n - usb: serial: option: add support for Cinterion CLS8\n devices (bsc#1051510).\n\n - usb: serial: option: add Telit FN980 compositions\n (bsc#1051510).\n\n - usb: usblcd: fix I/O after disconnect (bsc#1142635).\n\n - usb: usblp: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - usb: usb-skeleton: fix NULL-deref on disconnect\n (bsc#1051510).\n\n - usb: usb-skeleton: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - usb: usb-skeleton: fix use-after-free after driver\n unbind (bsc#1051510).\n\n - usb: xhci: wait for CNR controller not ready bit in xhci\n resume (bsc#1051510).\n\n - usb: yurex: Do not retry on unexpected errors\n (bsc#1051510).\n\n - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510).\n\n - vfio_pci: Restore original state on release\n (bsc#1051510).\n\n - vhost_net: conditionally enable tx polling\n (bsc#1145099).\n\n - video: of: display_timing: Add of_node_put() in\n of_get_display_timing() (bsc#1051510).\n\n - watchdog: imx2_wdt: fix min() calculation in\n imx2_wdt_set_timeout (bsc#1051510).\n\n - x86/asm: Fix MWAITX C-state hint value (bsc#1114279).\n\n - x86/mm: Use WRITE_ONCE() when setting PTEs\n (bsc#1114279).\n\n - xen/netback: fix error path of xenvif_connect_data()\n (bsc#1065600).\n\n - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811).\n\n - xhci: Check all endpoints for LPM timeout (bsc#1051510).\n\n - xhci: Fix false warning message about wrong bounce\n buffer write length (bsc#1051510).\n\n - xhci: Increase STS_SAVE timeout in xhci_suspend()\n (bsc#1051510).\n\n - xhci: Prevent device initiated U1/U2 link pm if exit\n latency is too long (bsc#1051510).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1148410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=118461_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=133135_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=135757_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=147830_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=147831_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=158172_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=165544_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=166495_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=172859_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=172860_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=181778_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229268_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229269_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229270_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229274_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229277_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229279_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229280_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229281_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229283_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229285_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229286_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=229297_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=296718_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=358767_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=359798_FIXME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=802154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=814594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998153\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.79.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:57:25", "description": "Linux 5.3.4\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2019-10-08T00:00:00", "type": "nessus", "title": "Fedora 31 : kernel / kernel-headers / kernel-tools (2019-b1de72b00b)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-B1DE72B00B.NASL", "href": "https://www.tenable.com/plugins/nessus/129701", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-b1de72b00b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129701);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\");\n script_xref(name:\"FEDORA\", value:\"2019-b1de72b00b\");\n\n script_name(english:\"Fedora 31 : kernel / kernel-headers / kernel-tools (2019-b1de72b00b)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Linux 5.3.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-b1de72b00b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-b1de72b00b\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"kernel-5.3.4-300.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"kernel-headers-5.3.4-300.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"kernel-tools-5.3.4-300.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-26T14:57:36", "description": "The 5.3.6 update contains a number of important fixes across the tree\n\nThis is a rebase to the 5.3 series\n\n----\n\nThe 5.2.20 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2019-10-28T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-41e28660ae)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-41E28660AE.NASL", "href": "https://www.tenable.com/plugins/nessus/130297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-41e28660ae.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130297);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\");\n script_xref(name:\"FEDORA\", value:\"2019-41e28660ae\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-41e28660ae)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.3.6 update contains a number of important fixes across the tree\n\nThis is a rebase to the 5.3 series\n\n----\n\nThe 5.2.20 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-41e28660ae\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-41e28660ae\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-5.3.6-100.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-5.3.6-100.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-5.3.6-100.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:44:50", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.(CVE-2019-18809)\n\n - A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.(CVE-2019-18813)\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234)\n\n - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)\n\n - ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053)\n\n - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.(CVE-2019-17054)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.(CVE-2019-17055)\n\n - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.(CVE-2019-17056)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0136", "CVE-2019-16234", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18806", "CVE-2019-18809", "CVE-2019-18813"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2283.NASL", "href": "https://www.tenable.com/plugins/nessus/131349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131349);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-0136\",\n \"CVE-2019-16234\",\n \"CVE-2019-16746\",\n \"CVE-2019-17052\",\n \"CVE-2019-17053\",\n \"CVE-2019-17054\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18806\",\n \"CVE-2019-18809\",\n \"CVE-2019-18813\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A memory leak in the af9005_identify_state() function\n in drivers/media/usb/dvb-usb/af9005.c in the Linux\n kernel through 5.3.9 allows attackers to cause a denial\n of service (memory consumption), aka\n CID-2289adbfa559.(CVE-2019-18809)\n\n - A memory leak in the dwc3_pci_probe() function in\n drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through\n 5.3.9 allows attackers to cause a denial of service\n (memory consumption) by triggering\n platform_device_add_properties() failures, aka\n CID-9bbfceea12a8.(CVE-2019-18813)\n\n - A memory leak in the ql_alloc_large_buffers() function\n in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux\n kernel before 5.3.5 allows local users to cause a\n denial of service (memory consumption) by triggering\n pci_dma_mapping_error() failures, aka\n CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the\n Linux kernel 5.2.14 does not check the alloc_workqueue\n return value, leading to a NULL pointer\n dereference.(CVE-2019-16234)\n\n - Insufficient access control in the Intel(R)\n PROSet/Wireless WiFi Software driver before version\n 21.10 may allow an unauthenticated user to potentially\n enable denial of service via adjacent\n access.(CVE-2019-0136)\n\n - An issue was discovered in net/wireless/nl80211.c in\n the Linux kernel through 5.2.17. It does not check the\n length of variable elements in a beacon head, leading\n to a buffer overflow.(CVE-2019-16746)\n\n - In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)\n\n - rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)\n\n - ax25_create in net/ax25/af_ax25.c in the AF_AX25\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-0614e2b73768.(CVE-2019-17052)\n\n - ieee802154_create in net/ieee802154/socket.c in the\n AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means\n that unprivileged users can create a raw socket, aka\n CID-e69dbd4619e7.(CVE-2019-17053)\n\n - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-6cc03e8aa36c.(CVE-2019-17054)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the\n AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that\n unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21.(CVE-2019-17055)\n\n - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-3a359798b176.(CVE-2019-17056)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2283\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?751dbe06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:45:44", "description": "It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, (USN-4210-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16746", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-19060", "CVE-2019-19065", "CVE-2019-19075"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4210-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131564);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-16746\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-19060\", \"CVE-2019-19065\", \"CVE-2019-19075\");\n script_xref(name:\"USN\", value:\"4210-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, (USN-4210-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a buffer overflow existed in the 802.11 Wi-Fi\nconfiguration interface for the Linux kernel when handling beacon\nsettings. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-16746)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux\nkernel did not properly validate SSID lengths. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-19065)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless\ncontroller driver for the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2019-19075)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the\nLinux kernel performed DMA from a kernel stack. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4210-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-16746\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-19060\", \"CVE-2019-19065\", \"CVE-2019-19075\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4210-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1030-oracle\", pkgver:\"4.15.0-1030.33~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1050-gcp\", pkgver:\"4.15.0-1050.53\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1056-aws\", pkgver:\"4.15.0-1056.58~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-72-generic\", pkgver:\"4.15.0-72.81~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-72-generic-lpae\", pkgver:\"4.15.0-72.81~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-72-lowlatency\", pkgver:\"4.15.0-72.81~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1056.56\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1050.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1050.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1030.23\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1030-oracle\", pkgver:\"4.15.0-1030.33\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1049-gke\", pkgver:\"4.15.0-1049.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1051-kvm\", pkgver:\"4.15.0-1051.51\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1052-raspi2\", pkgver:\"4.15.0-1052.56\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1056-aws\", pkgver:\"4.15.0-1056.58\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1065-oem\", pkgver:\"4.15.0-1065.75\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1069-snapdragon\", pkgver:\"4.15.0-1069.76\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-72-generic\", pkgver:\"4.15.0-72.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-72-generic-lpae\", pkgver:\"4.15.0-72.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-72-lowlatency\", pkgver:\"4.15.0-72.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1056.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws-lts-18.04\", pkgver:\"4.15.0.1056.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.72.74\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.72.74\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1049.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-4.15\", pkgver:\"4.15.0.1049.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1051.51\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.72.74\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1065.69\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1030.35\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle-lts-18.04\", pkgver:\"4.15.0.1030.35\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1052.50\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.1069.72\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.72.74\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-gcp / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:34:28", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Azure][7.8] Include patch 'PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it' (BZ#1766089)\n\n* [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address. (BZ#1766093)\n\n* [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097)\n\n* SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n* Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113)\n\n* Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)\n\n* fix compat statfs64() returning EOVERFLOW for when\n_FILE_OFFSET_BITS=64 (BZ #1775678)\n\n* Guest crash after load cpuidle-haltpoll driver (BZ#1776289)\n\n* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290)\n\n* Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297)\n\n* Moving Egress IP will result in conntrack sessions being DESTROYED (BZ# 1779564)\n\n* core: backports from upstream (BZ#1780033)\n\n* kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)\n\n* Race between tty_open() and flush_to_ldisc() using the tty_struct-> driver_data field. (BZ#1780163)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-27T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2020:0374)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2020-03-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-0374.NASL", "href": "https://www.tenable.com/plugins/nessus/134087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0374 and \n# CentOS Errata and Security Advisory 2020:0374 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134087);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/02\");\n\n script_cve_id(\"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14898\", \"CVE-2019-14901\", \"CVE-2019-17133\");\n script_xref(name:\"RHSA\", value:\"2020:0374\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2020:0374)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell\nWiFi driver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie()\nfunction in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c\n(CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\nnet/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between mmget_not_zero()/\nget_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Azure][7.8] Include patch 'PCI: hv: Avoid use of\nhv_pci_dev->pci_slot after freeing it' (BZ#1766089)\n\n* [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat,\nnetwork interface(eth0) moved to new network namespace does not obtain\nIP address. (BZ#1766093)\n\n* [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed\n(BZ#1766097)\n\n* SMB3: Do not error out on large file transfers if server responds\nwith STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n* Since RHEL commit 5330f5d09820 high load can cause dm-multipath path\nfailures (BZ#1770113)\n\n* Hard lockup in free_one_page()->_raw_spin_lock() because sosreport\ncommand is reading from /proc/pagetypeinfo (BZ#1770732)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic()\n(BZ#1772812)\n\n* fix compat statfs64() returning EOVERFLOW for when\n_FILE_OFFSET_BITS=64 (BZ #1775678)\n\n* Guest crash after load cpuidle-haltpoll driver (BZ#1776289)\n\n* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits\nof retry delay value (BZ#1776290)\n\n* Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297)\n\n* Moving Egress IP will result in conntrack sessions being DESTROYED\n(BZ# 1779564)\n\n* core: backports from upstream (BZ#1780033)\n\n* kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482!\n(BZ#1780148)\n\n* Race between tty_open() and flush_to_ldisc() using the tty_struct->\ndriver_data field. (BZ#1780163)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-February/035645.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65128778\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:29:35", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0374 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0374)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:7.7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.7:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0374.NASL", "href": "https://www.tenable.com/plugins/nessus/133483", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0374. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133483);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0374\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0374)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0374 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in\n CVE-2019-11599 (CVE-2019-14898)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1773519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122, 362, 400, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14816', 'CVE-2019-14895', 'CVE-2019-14898', 'CVE-2019-14901', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0374');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.12.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.12.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:34:31", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0375 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2020:0375)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:7.7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace-kvm:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.7:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0375.NASL", "href": "https://www.tenable.com/plugins/nessus/133484", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0375. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133484);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0375\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2020:0375)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0375 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in\n CVE-2019-11599 (CVE-2019-14898)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1773519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122, 362, 400, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14816', 'CVE-2019-14895', 'CVE-2019-14898', 'CVE-2019-14901', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0375');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:29:32", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522)\n\n* kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)\n\n* kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157)\n\n* kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)\n\nThis plugin has been deprecated. Although RHSA-2020:0375 exists, it is for kernel-rt, which does not exist on CentOS. This CentOS copy of the advisory duplicates the CVEs and packages from the non-rt kernel in RHSA-2020:0374.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2020:0375) (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2020-03-09T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-0375.NASL", "href": "https://www.tenable.com/plugins/nessus/133508", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020/03/06. Advisory is redundant and erroneous.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0375 and \n# CentOS Errata and Security Advisory 2020:0375 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133508);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14898\", \"CVE-2019-14901\", \"CVE-2019-17133\");\n script_xref(name:\"RHSA\", value:\"2020:0375\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2020:0375) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell\nWiFi driver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie()\nfunction in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c\n(CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\nnet/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between mmget_not_zero()/\nget_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic()\n[kernel-rt] (BZ#1772522)\n\n* kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)\n\n* kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low\nlatency requirement (BZ#1781157)\n\n* kernel-rt: hard lockup panic in during execution of CFS bandwidth\nperiod timer (BZ#1788057)\n\nThis plugin has been deprecated. Although RHSA-2020:0375 exists, it is\nfor kernel-rt, which does not exist on CentOS. This CentOS copy of the\nadvisory duplicates the CVEs and packages from the non-rt kernel in\nRHSA-2020:0374.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-February/035620.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?633091f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. It is entirely redundant to 2020:0374.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:33:46", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0374 advisory.\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. (CVE-2019-14901)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2019-14816)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2020-0374)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-0374.NASL", "href": "https://www.tenable.com/plugins/nessus/133514", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-0374.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133514);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0374\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2020-0374)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-0374 advisory.\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before\n 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection\n negotiation during the handling of the remote devices country settings. This could allow the remote device\n to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could\n use this flaw to obtain sensitive information, cause a denial of service, or possibly have other\n unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell\n WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a\n denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the\n availability of the system. If code execution occurs, the code will run with the permissions of root. This\n will affect both confidentiality and integrity of files on the system. (CVE-2019-14901)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a\n long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip\n driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly\n execute arbitrary code. (CVE-2019-14816)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-0374.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1062.12.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-0374');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.12.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:06:33", "description": "Security Fix(es) :\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nBug Fix(es) :\n\n - [Azure][7.8] Include patch 'PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it' (BZ#1766089)\n\n - [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address.\n (BZ#1766093)\n\n - [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097)\n\n - SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n - Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113)\n\n - Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732)\n\n - patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)\n\n - fix compat statfs64() returning EOVERFLOW for when\n _FILE_OFFSET_BITS=64 (BZ#1775678)\n\n - Guest crash after load cpuidle-haltpoll driver (BZ#1776289)\n\n - RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290)\n\n - Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297)\n\n - Moving Egress IP will result in conntrack sessions being DESTROYED (BZ#1779564)\n\n - core: backports from upstream (BZ#1780033)\n\n - kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)\n\n - Race between tty_open() and flush_to_ldisc() using the tty_struct->driver_data field. (BZ#1780163)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-07T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200205_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/133538", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133538);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-11599\", \"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14898\", \"CVE-2019-14901\", \"CVE-2019-17133\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function\n of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in\n mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c\n (CVE-2019-14895)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c\n (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\n net/wireless/wext-sme.c (CVE-2019-17133)\n\n - kernel: incomplete fix for race condition between\n mmget_not_zero()/get_task_mm() and core dumping in\n CVE-2019-11599 (CVE-2019-14898)\n\nBug Fix(es) :\n\n - [Azure][7.8] Include patch 'PCI: hv: Avoid use of\n hv_pci_dev->pci_slot after freeing it' (BZ#1766089)\n\n - [Hyper-V][RHEL7.8] When accelerated networking is\n enabled on RedHat, network interface(eth0) moved to new\n network namespace does not obtain IP address.\n (BZ#1766093)\n\n - [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card\n failed (BZ#1766097)\n\n - SMB3: Do not error out on large file transfers if server\n responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n - Since RHEL commit 5330f5d09820 high load can cause\n dm-multipath path failures (BZ#1770113)\n\n - Hard lockup in free_one_page()->_raw_spin_lock() because\n sosreport command is reading from /proc/pagetypeinfo\n (BZ#1770732)\n\n - patchset for x86/atomic: Fix\n smp_mb__{before,after}_atomic() (BZ#1772812)\n\n - fix compat statfs64() returning EOVERFLOW for when\n _FILE_OFFSET_BITS=64 (BZ#1775678)\n\n - Guest crash after load cpuidle-haltpoll driver\n (BZ#1776289)\n\n - RHEL 7.7 long I/O stalls with bnx2fc from not masking\n off scope bits of retry delay value (BZ#1776290)\n\n - Multiple 'mv' processes hung on a gfs2 filesystem\n (BZ#1777297)\n\n - Moving Egress IP will result in conntrack sessions being\n DESTROYED (BZ#1779564)\n\n - core: backports from upstream (BZ#1780033)\n\n - kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482!\n (BZ#1780148)\n\n - Race between tty_open() and flush_to_ldisc() using the\n tty_struct->driver_data field. (BZ#1780163)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1766089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1766093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1766097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1767621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1770113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1770732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1772812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1775678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1776289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1776290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1777297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1779564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1780033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1780148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1780163\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2002&L=SCIENTIFIC-LINUX-ERRATA&P=1046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?177fd584\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:59:33", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4872 advisory.\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. (CVE-2019-15213)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. (CVE-2019-16994)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (CVE-2019-15219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4872)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15213", "CVE-2019-15217", "CVE-2019-15219", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-17055"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4872.NASL", "href": "https://www.tenable.com/plugins/nessus/131918", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4872.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131918);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2019-15213\",\n \"CVE-2019-15217\",\n \"CVE-2019-15219\",\n \"CVE-2019-16994\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\"\n );\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4872)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-4872 advisory.\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious\n USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. (CVE-2019-15213)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when\n register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka\n CID-07f12b26e21a. (CVE-2019-16994)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (CVE-2019-15219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4872.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17055\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.317.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4872');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.317.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.317.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.317.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.317.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.317.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.317.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.317.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.317.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.317.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.317.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:45:11", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-16995: A memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c. if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685).\n\n - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150457).\n\n - CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c lacked a certain upper-bound check, leading to a buffer overflow (bnc#1154372).\n\n - CVE-2019-16232:\n drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465).\n\n - CVE-2019-16234:\n drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452).\n\n - CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158).\n\n - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788).\n\nThe following non-security bugs were fixed :\n\n - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510).\n\n - ACPI / CPPC: do not require the _PSD method (bsc#1051510).\n\n - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510).\n\n - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510).\n\n - act_mirred: Fix mirred_init_module error handling (bsc#1051510).\n\n - Add Acer Aspire Ethos 8951G model quirk (bsc#1051510).\n\n - Add kernel module compression support (bsc#1135854)\n\n - ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker (bsc#1051510).\n\n - ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510).\n\n - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510).\n\n - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510).\n\n - ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510).\n\n - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510).\n\n - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510).\n\n - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510).\n\n - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510).\n\n - ALSA: hda: Flush interrupts on disabling (bsc#1051510).\n\n - ALSA: hda - Force runtime PM on Nvidia HDMI codecs (bsc#1051510).\n\n - ALSA: hda/hdmi - Do not report spurious jack state changes (bsc#1051510).\n\n - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510).\n\n - ALSA: hda - Inform too slow responses (bsc#1051510).\n\n - ALSA: hda/realtek - Add support for ALC711 (bsc#1051510).\n\n - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510).\n\n - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510).\n\n - ALSA: hda/realtek - Enable headset mic on Asus MJ401TA (bsc#1051510).\n\n - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510).\n\n - ALSA: hda/realtek - PCI quirk for Medion E4254 (bsc#1051510).\n\n - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510).\n\n - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510).\n\n - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510).\n\n - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510).\n\n - ALSA: i2c: ak4xxx-adda: Fix a possible NULL pointer dereference in build_adc_controls() (bsc#1051510).\n\n - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510).\n\n - ALSA: usb-audio: Add DSD support for EVGA NU Audio (bsc#1051510).\n\n - ALSA: usb-audio: Add Hiby device family to quirks for native DSD support (bsc#1051510).\n\n - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510).\n\n - ALSA: usb-audio: Clean up check_input_term() (bsc#1051510).\n\n - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510).\n\n - ALSA: usb-audio: DSD auto-detection for Playback Designs (bsc#1051510).\n\n - ALSA: usb-audio: fix PCM device order (bsc#1051510).\n\n - ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk() (bsc#1051510).\n\n - ALSA: usb-audio: More validations of descriptor units (bsc#1051510).\n\n - ALSA: usb-audio: remove some dead code (bsc#1051510).\n\n - ALSA: usb-audio: Remove superfluous bLength checks (bsc#1051510).\n\n - ALSA: usb-audio: Simplify parse_audio_unit() (bsc#1051510).\n\n - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510).\n\n - ALSA: usb-audio: Unify audioformat release code (bsc#1051510).\n\n - ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects (bsc#1051510).\n\n - ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel (bsc#1051510).\n\n - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30).\n\n - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510).\n\n - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510).\n\n - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510).\n\n - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).\n\n - ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).\n\n - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510).\n\n - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510).\n\n - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510).\n\n - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - Blacklist 'signal: Correct namespace fixups of si_pid and si_uid' (bsc#1142667)\n\n - blk-wbt: abstract out end IO completion handler (bsc#1135873).\n\n - blk-wbt: fix has-sleeper queueing check (bsc#1135873).\n\n - blk-wbt: improve waking of tasks (bsc#1135873).\n\n - blk-wbt: move disable check into get_limit() (bsc#1135873).\n\n - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout handler (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout handler (bsc#1148410).\n\n - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510).\n\n - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ).\n\n - bnxt_en: Add PCI IDs for 57500 series NPAR devices (bsc#1153607).\n\n - bpf: fix use after free in prog symbol exposure (bsc#1083647).\n\n - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15).\n\n - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646).\n\n - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178).\n\n - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713).\n\n - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651).\n\n - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607).\n\n - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179).\n\n - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651).\n\n - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).\n\n - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184).\n\n - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510).\n\n - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510).\n\n - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15).\n\n - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510).\n\n - ceph: fix directories inode i_blkbits initialization (bsc#1153717).\n\n - ceph: reconnect connection if session hang in opening state (bsc#1153718).\n\n - ceph: update the mtime when truncating up (bsc#1153719).\n\n - cfg80211: add and use strongly typed element iteration macros (bsc#1051510).\n\n - cfg80211: Purge frame registrations on iftype change (bsc#1051510).\n\n - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510).\n\n - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).\n\n - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510).\n\n - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510).\n\n - crypto: af_alg - consolidation of duplicate code (bsc#1154737).\n\n - crypto: af_alg - fix race accessing cipher request (bsc#1154737).\n\n - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737).\n\n - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510).\n\n - crypto: af_alg - remove locking in async callback (bsc#1154737).\n\n - crypto: af_alg - update correct dst SGL entry (bsc#1051510).\n\n - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737).\n\n - crypto: algif_aead - copy AAD from src to dst (bsc#1154737).\n\n - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737).\n\n - crypto: algif_aead - overhaul memory management (bsc#1154737).\n\n - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737).\n\n - crypto: algif - return error code when no data was processed (bsc#1154737).\n\n - crypto: algif_skcipher - overhaul memory management (bsc#1154737).\n\n - crypto: talitos - fix missing break in switch statement (bsc#1142635).\n\n - cxgb4: do not dma memory off of the stack (bsc#1152790).\n\n - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129).\n\n - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05).\n\n - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129).\n\n - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513).\n\n - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).\n\n - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129).\n\n - dasd_fba: Display '00000000' for zero page when dumping sense\n\n - /dev/mem: Bail out upon SIGKILL (git-fixes).\n\n - drm: add __user attribute to ptr_to_compat() (bsc#1111666).\n\n - drm/amd/display: fix issue where 252-255 values are clipped (bsc#1111666).\n\n - drm/amd/display: reprogram VM config when system resume (bsc#1111666).\n\n - drm/amd/display: Restore backlight brightness after system resume (bsc#1112178)\n\n - drm/amd/display: support spdif (bsc#1111666).\n\n - drm/amd/dm: Understand why attaching path/tile properties are needed (bsc#1111666).\n\n - drm/amdgpu: Check for valid number of registers to read (bsc#1051510).\n\n - drm/amdgpu: Fix KFD-related kernel oops on Hawaii (bsc#1111666).\n\n - drm/amdgpu/gfx9: Update gfx9 golden settings (bsc#1111666).\n\n - drm/amdgpu/si: fix ASIC tests (git-fixes).\n\n - drm/amdgpu: Update gc_9_0 golden settings (bsc#1111666).\n\n - drm/amdkfd: Add missing Polaris10 ID (bsc#1111666).\n\n - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510).\n\n - drm/amd/pp: Fix truncated clock value when set watermark (bsc#1111666).\n\n - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510).\n\n - drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors (bsc#1111666).\n\n - drm/atomic_helper: Disallow new modesets on unregistered connectors (bsc#1111666).\n\n - drm/atomic_helper: Stop modesets on unregistered connectors harder (bsc#1111666).\n\n - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510).\n\n - drm/bridge: tfp410: fix memleak in get_modes() (bsc#1111666).\n\n - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510).\n\n - drm: Flush output polling on shutdown (bsc#1051510).\n\n - drm/i915: Cleanup gt powerstate from gem (bsc#1111666).\n\n - drm/i915: Fix intel_dp_mst_best_encoder() (bsc#1111666).\n\n - drm/i915/gvt: update vgpu workload head pointer correctly (bsc#1112178)\n\n - drm/i915: Restore sane defaults for KMS on GEM error load (bsc#1111666).\n\n - drm/mediatek: set DMA max segment size (bsc#1111666).\n\n - drm/msm/dsi: Fix return value check for clk_get_parent (bsc#1111666).\n\n - drm/msm/dsi: Implement reset correctly (bsc#1051510).\n\n - drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling (bsc#1111666).\n\n - drm/nouveau/kms/nv50-: Do not create MSTMs for eDP connectors (bsc#1112178)\n\n - drm/nouveau/volt: Fix for some cards having 0 maximum voltage (bsc#1111666).\n\n - drm/omap: fix max fclk divider for omap36xx (bsc#1111666).\n\n - drm/panel: check failure cases in the probe func (bsc#1111666).\n\n - drm/panel: make drm_panel.h self-contained (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add extra quirk table entry for GPD MicroPC (bsc#1111666).\n\n - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510).\n\n - drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed (bsc#1111666).\n\n - drm/radeon: Fix EEH during kexec (bsc#1051510).\n\n - drm: rcar-du: lvds: Fix bridge_to_rcar_lvds (bsc#1111666).\n\n - drm/rockchip: Check for fast link training before enabling psr (bsc#1111666).\n\n - drm/stm: attach gem fence to atomic state (bsc#1111666).\n\n - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510).\n\n - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510).\n\n - e1000e: add workaround for possible stalled packet (bsc#1051510).\n\n - efi/arm: Show SMBIOS bank/device location in CPER and GHES error logs (bsc#1152033).\n\n - efi: cper: print AER info of PCIe fatal error (bsc#1051510).\n\n - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510).\n\n - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510).\n\n - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes).\n\n - Fix AMD IOMMU kABI (bsc#1154610).\n\n - Fix KVM kABI after x86 mmu backports (bsc#1117665).\n\n - gpu: drm: radeon: Fix a possible NULL pointer dereference in radeon_connector_set_property() (bsc#1051510).\n\n - HID: apple: Fix stuck function keys when using FN (bsc#1051510).\n\n - HID: fix error message in hid_open_report() (bsc#1051510).\n\n - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510).\n\n - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510).\n\n - HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510).\n\n - HID: prodikeys: Fix general protection fault during probe (bsc#1051510).\n\n - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510).\n\n - hso: fix NULL-deref on tty open (bsc#1051510).\n\n - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510).\n\n - hwrng: core - do not wait on add_early_randomness() (git-fixes).\n\n - i2c: riic: Clear NACK in tend isr (bsc#1051510).\n\n - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108)\n\n - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449).\n\n - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205).\n\n - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205).\n\n - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305).\n\n - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510).\n\n - ieee802154: ca8210: prevent memory leak (bsc#1051510).\n\n - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - iio: adc: ad799x: fix probe error handling (bsc#1051510).\n\n - iio: light: opt3001: fix mutex unlock race (bsc#1051510).\n\n - ima: always return negative code for error (bsc#1051510).\n\n - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510).\n\n - Input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510).\n\n - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799).\n\n - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608).\n\n - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799).\n\n - iommu/amd: Remove domain->updated (bsc#1154610).\n\n - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611).\n\n - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510).\n\n - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05).\n\n - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).\n\n - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05).\n\n - iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (bsc#1111666).\n\n - ixgbe: Fix secpath usage for IPsec TX offload (bsc#1113994 bsc#1151807).\n\n - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674).\n\n - ixgbe: sync the first fragment unconditionally (bsc#1133140).\n\n - kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).\n\n - kABI workaround for crypto/af_alg changes (bsc#1154737).\n\n - kABI workaround for drm_connector.registered type changes (bsc#1111666).\n\n - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510).\n\n - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578).\n\n - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354).\n\n - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875).\n\n - ksm: cleanup stable_node chain collapse case (bnc#1144338).\n\n - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338).\n\n - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338).\n\n - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338).\n\n - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338).\n\n - kvm: Convert kvm_lock to a mutex (bsc#1117665).\n\n - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665).\n\n - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840).\n\n - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665).\n\n - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665).\n\n - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665).\n\n - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665).\n\n - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665).\n\n - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665).\n\n - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665).\n\n - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510).\n\n - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).\n\n - libnvdimm/security: provide fix for secure-erase to use zero-key (bsc#1149853).\n\n - lpfc: Add additional discovery log messages (bsc#1154521).\n\n - lpfc: Add FA-WWN Async Event reporting (bsc#1154521).\n\n - lpfc: Add FC-AL support to lpe32000 models (bsc#1154521).\n\n - lpfc: Add log macros to allow print by serverity or verbocity setting (bsc#1154521).\n\n - lpfc: Fix bad ndlp ptr in xri aborted handling (bsc#1154521).\n\n - lpfc: fix coverity error of dereference after null check (bsc#1154521).\n\n - lpfc: Fix hardlockup in lpfc_abort_handler (bsc#1154521).\n\n - lpfc: Fix lockdep errors in sli_ringtx_put (bsc#1154521).\n\n - lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count (bsc#1154521).\n\n - lpfc: Fix reporting of read-only fw error errors (bsc#1154521).\n\n - lpfc: Fix SLI3 hba in loop mode not discovering devices (bsc#1154521).\n\n - lpfc: Make FW logging dynamically configurable (bsc#1154521).\n\n - lpfc: Remove lock contention target write path (bsc#1154521).\n\n - lpfc: Revise interrupt coalescing for missing scenarios (bsc#1154521).\n\n - lpfc: Slight fast-path Performance optimizations (bsc#1154521).\n\n - lpfc: Update lpfc version to 12.6.0.0 (bsc#1154521).\n\n - mac80211: accept deauth frames in IBSS mode (bsc#1051510).\n\n - mac80211: fix txq NULL pointer dereference (bsc#1051510).\n\n - mac80211: Reject malformed SSID elements (bsc#1051510).\n\n - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510).\n\n - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642).\n\n - media: cpia2_usb: fix memory leaks (bsc#1051510).\n\n - media: dvb-core: fix a memory leak bug (bsc#1051510).\n\n - media: exynos4-is: fix leaked of_node references (bsc#1051510).\n\n - media: gspca: zero usb_buf on error (bsc#1051510).\n\n - media: hdpvr: Add device num check and handling (bsc#1051510).\n\n - media: hdpvr: add terminating 0 at end of string (bsc#1051510).\n\n - media: i2c: ov5645: Fix power sequence (bsc#1051510).\n\n - media: iguanair: add sanity checks (bsc#1051510).\n\n - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510).\n\n - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510).\n\n - media: ov9650: add a sanity check (bsc#1051510).\n\n - media: radio/si470x: kill urb on error (bsc#1051510).\n\n - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).\n\n - media: saa7146: add cleanup in hexium_attach() (bsc#1051510).\n\n - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510).\n\n - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510).\n\n - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510).\n\n - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510).\n\n - mfd: intel-lpss: Remove D3cold delay (bsc#1051510).\n\n - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05).\n\n - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510).\n\n - mmc: sdhci: improve ADMA error reporting (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510).\n\n - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).\n\n - net: Fix null de-reference of device refcount (networking-stable-19_09_15).\n\n - net: fix skb use after free in netpoll (networking-stable-19_09_05).\n\n - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15).\n\n - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).\n\n - net/mlx4_en: fix a memory leak bug (bsc#1046299).\n\n - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ).\n\n - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ).\n\n - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30).\n\n - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05).\n\n - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30).\n\n - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05).\n\n - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848).\n\n - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848).\n\n - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612).\n\n - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30).\n\n - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).\n\n - net_sched: add policy validation for action attributes (networking-stable-19_09_30).\n\n - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes).\n\n - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05).\n\n - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05).\n\n - nfc: fix attrs checks in netlink interface (bsc#1051510).\n\n - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510).\n\n - nfc: pn533: fix use-after-free and memleaks (bsc#1051510).\n\n - NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).\n\n - nl80211: fix NULL pointer dereference (bsc#1051510).\n\n - objtool: Clobber user CFLAGS variable (bsc#1153236).\n\n - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30).\n\n - packaging: add support for riscv64\n\n - PCI: Correct pci=resource_alignment parameter example (bsc#1051510).\n\n - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).\n\n - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263).\n\n - PCI: PM: Fix pci_power_up() (bsc#1051510).\n\n - pinctrl: cherryview: restore Strago DMI workaround for all versions (bsc#1111666).\n\n - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510).\n\n - platform/x86: classmate-laptop: remove unused variable (bsc#1051510).\n\n - platform/x86: i2c-multi-instantiate: Derive the device name from parent (bsc#1111666).\n\n - platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (bsc#1111666).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510).\n\n - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186).\n\n - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186).\n\n - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186).\n\n - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).\n\n - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186).\n\n - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186).\n\n - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186).\n\n - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186).\n\n - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186).\n\n - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778).\n\n - powerpc/pseries: Remove confusing warning message (bsc#1109158).\n\n - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778).\n\n - powerplay: Respect units on max dcfclk watermark (bsc#1111666).\n\n - power: supply: sysfs: ratelimit property read error message (bsc#1051510).\n\n - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545).\n\n - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05).\n\n - r8152: Set macpassthru in reset_resume callback (bsc#1051510).\n\n - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244).\n\n - RDMA: Fix goto target to release the allocated memory (bsc#1050244).\n\n - rds: Fix warning (bsc#1154848).\n\n - Revert 'drm/amd/display: Fix underscan not using proper scaling' (bsc#1111666).\n\n - Revert 'drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD' (bsc#1111666).\n\n - Revert 'drm/radeon: Fix EEH during kexec' (bsc#1051510).\n\n - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635).\n\n - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476).\n\n - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091).\n\n - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05).\n\n - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05).\n\n - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15).\n\n - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30).\n\n - scsi: lpfc: Check queue pointer before use (bsc#1154242).\n\n - scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt (bsc#1154521).\n\n - scsi: lpfc: Complete removal of FCoE T10 PI support on SLI-4 adapters (bsc#1154521).\n\n - scsi: lpfc: Convert existing %pf users to %ps (bsc#1154521).\n\n - scsi: lpfc: Fix coverity errors on NULL pointer checks (bsc#1154521).\n\n - scsi: lpfc: Fix device recovery errors after PLOGI failures (bsc#1154521).\n\n - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040).\n\n - scsi: lpfc: Fix discovery failures when target device connectivity bounces (bsc#1154521).\n\n - scsi: lpfc: Fix GPF on scsi command completion (bsc#1154521).\n\n - scsi: lpfc: Fix hdwq sgl locks and irq handling (bsc#1154521).\n\n - scsi: lpfc: Fix host hang at boot or slow boot (bsc#1154521).\n\n - scsi: lpfc: Fix list corruption detected in lpfc_put_sgl_per_hdwq (bsc#1154521).\n\n - scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq (bsc#1154521).\n\n - scsi: lpfc: Fix locking on mailbox command completion (bsc#1154521).\n\n - scsi: lpfc: Fix miss of register read failure check (bsc#1154521).\n\n - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845).\n\n - scsi: lpfc: Fix NVMe ABTS in response to receiving an ABTS (bsc#1154521).\n\n - scsi: lpfc: Fix NVME io abort failures causing hangs (bsc#1154521).\n\n - scsi: lpfc: Fix premature re-enabling of interrupts in lpfc_sli_host_down (bsc#1154521).\n\n - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883).\n\n - scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs (bsc#1154521).\n\n - scsi: lpfc: Fix rpi release when deleting vport (bsc#1154521).\n\n - scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd() (bsc#1154521).\n\n - scsi: lpfc: Make function lpfc_defer_pt2pt_acc static (bsc#1154521).\n\n - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).\n\n - scsi: lpfc: remove left-over BUILD_NVME defines (bsc#1154268).\n\n - scsi: lpfc: Update async event logging (bsc#1154521).\n\n - scsi: lpfc: Update lpfc version to 12.4.0.1 (bsc#1154521).\n\n - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291).\n\n - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291).\n\n - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729).\n\n - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15).\n\n - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15).\n\n - Sign non-x86 kernels when possible (boo#1134303)\n\n - skge: fix checksum byte order (networking-stable-19_09_30).\n\n - sock_diag: fix autoloading of the raw_diag module (bsc#1152791).\n\n - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791).\n\n - staging: bcm2835-audio: Fix draining behavior regression (bsc#1111666).\n\n - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510).\n\n - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510).\n\n - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes).\n\n - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15).\n\n - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05).\n\n - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05).\n\n - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510).\n\n - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510).\n\n - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15).\n\n - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05).\n\n - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508).\n\n - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15).\n\n - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099).\n\n - Update patches.suse/NFSv4-Check-the-return-value-of-update_open\n _stateid.patch (boo#1154189 bsc#1154747).\n\n - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635).\n\n - usb: adutux: fix use-after-free on disconnect (bsc#1142635).\n\n - usb: adutux: fix use-after-free on release (bsc#1051510).\n\n - usb: chaoskey: fix use-after-free on release (bsc#1051510).\n\n - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on release (bsc#1051510).\n\n - usb: ldusb: fix memleak on disconnect (bsc#1051510).\n\n - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510).\n\n - usb: ldusb: fix read info leaks (bsc#1051510).\n\n - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510).\n\n - usb: legousbtower: fix deadlock on disconnect (bsc#1142635).\n\n - usb: legousbtower: fix memleak on disconnect (bsc#1051510).\n\n - usb: legousbtower: fix open after failed reset request (bsc#1142635).\n\n - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635).\n\n - usb: legousbtower: fix slab info leak at probe (bsc#1142635).\n\n - usb: legousbtower: fix use-after-free on release (bsc#1051510).\n\n - usb: microtek: fix info-leak at probe (bsc#1142635).\n\n - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510).\n\n - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510).\n\n - usb: serial: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510).\n\n - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510).\n\n - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510).\n\n - usb: serial: option: add Telit FN980 compositions (bsc#1051510).\n\n - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510).\n\n - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510).\n\n - usb: usblcd: fix I/O after disconnect (bsc#1142635).\n\n - usb: usblp: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: usblp: fix use-after-free on disconnect (bsc#1051510).\n\n - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510).\n\n - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510).\n\n - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510).\n\n - usb: yurex: Do not retry on unexpected errors (bsc#1051510).\n\n - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510).\n\n - vfio_pci: Restore original state on release (bsc#1051510).\n\n - vhost_net: conditionally enable tx polling (bsc#1145099).\n\n - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510).\n\n - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05).\n\n - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510).\n\n - x86/asm: Fix MWAITX C-state hint value (bsc#1114279).\n\n - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969).\n\n - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969).\n\n - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279).\n\n - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600).\n\n - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811).\n\n - xhci: Check all endpoints for LPM timeout (bsc#1051510).\n\n - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510).\n\n - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510).\n\n - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-2444)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16995", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2444.NASL", "href": "https://www.tenable.com/plugins/nessus/130582", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2444.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130582);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-16232\", \"CVE-2019-16233\", \"CVE-2019-16234\", \"CVE-2019-16995\", \"CVE-2019-17056\", \"CVE-2019-17133\", \"CVE-2019-17666\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2444)\");\n script_summary(english:\"Check for the openSUSE-2019-2444 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-16995: A memory leak exits in\n hsr_dev_finalize() in net/hsr/hsr_device.c. if\n hsr_add_port fails to add a port, which may cause denial\n of service, aka CID-6caabe7f197d (bnc#1152685).\n\n - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not\n check the alloc_workqueue return value, leading to a\n NULL pointer dereference (bnc#1150457).\n\n - CVE-2019-17666: rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c lacked a\n certain upper-bound check, leading to a buffer overflow\n (bnc#1154372).\n\n - CVE-2019-16232:\n drivers/net/wireless/marvell/libertas/if_sdio.c did not\n check the alloc_workqueue return value, leading to a\n NULL pointer dereference (bnc#1150465).\n\n - CVE-2019-16234:\n drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not\n check the alloc_workqueue return value, leading to a\n NULL pointer dereference (bnc#1150452).\n\n - CVE-2019-17133: cfg80211_mgd_wext_giwessid in\n net/wireless/wext-sme.c did not reject a long SSID IE,\n leading to a Buffer Overflow (bnc#1153158).\n\n - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c\n in the AF_NFC network module did not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka CID-3a359798b176 (bnc#1152788).\n\nThe following non-security bugs were fixed :\n\n - 9p: avoid attaching writeback_fid on mmap with type\n PRIVATE (bsc#1051510).\n\n - ACPI / CPPC: do not require the _PSD method\n (bsc#1051510).\n\n - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in\n acpi_cppc_processor_exit() (bsc#1051510).\n\n - ACPI / processor: do not print errors for processorIDs\n == 0xff (bsc#1051510).\n\n - act_mirred: Fix mirred_init_module error handling\n (bsc#1051510).\n\n - Add Acer Aspire Ethos 8951G model quirk (bsc#1051510).\n\n - Add kernel module compression support (bsc#1135854)\n\n - ALSA: hda - Add a quirk model for fixing Huawei Matebook\n X right speaker (bsc#1051510).\n\n - ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510).\n\n - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop\n (bsc#1051510).\n\n - ALSA: hda: Add support of Zhaoxin controller\n (bsc#1051510).\n\n - ALSA: hda: Add Tigerlake/Jasperlake PCI ID\n (bsc#1051510).\n\n - ALSA: hda - Apply AMD controller workaround for Raven\n platform (bsc#1051510).\n\n - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269\n family (bsc#1051510).\n\n - ALSA: hda - Drop unsol event handler for Intel HDMI\n codecs (bsc#1051510).\n\n - ALSA: hda - Expand pin_match function to match upcoming\n new tbls (bsc#1051510).\n\n - ALSA: hda: Flush interrupts on disabling (bsc#1051510).\n\n - ALSA: hda - Force runtime PM on Nvidia HDMI codecs\n (bsc#1051510).\n\n - ALSA: hda/hdmi - Do not report spurious jack state\n changes (bsc#1051510).\n\n - ALSA: hda/hdmi: remove redundant assignment to variable\n pcm_idx (bsc#1051510).\n\n - ALSA: hda - Inform too slow responses (bsc#1051510).\n\n - ALSA: hda/realtek - Add support for ALC711\n (bsc#1051510).\n\n - ALSA: hda/realtek - Blacklist PC beep for Lenovo\n ThinkCentre M73/93 (bsc#1051510).\n\n - ALSA: hda/realtek - Check beep whitelist before\n assigning in all codecs (bsc#1051510).\n\n - ALSA: hda/realtek - Enable headset mic on Asus MJ401TA\n (bsc#1051510).\n\n - ALSA: hda/realtek - Fix alienware headset mic\n (bsc#1051510).\n\n - ALSA: hda/realtek - PCI quirk for Medion E4254\n (bsc#1051510).\n\n - ALSA: hda/realtek: Reduce the Headphone static noise on\n XPS 9350/9360 (bsc#1051510).\n\n - ALSA: hda: Set fifo_size for both playback and capture\n streams (bsc#1051510).\n\n - ALSA: hda - Show the fatal CORB/RIRB error more clearly\n (bsc#1051510).\n\n - ALSA: hda/sigmatel - remove unused variable\n 'stac9200_core_init' (bsc#1051510).\n\n - ALSA: i2c: ak4xxx-adda: Fix a possible NULL pointer\n dereference in build_adc_controls() (bsc#1051510).\n\n - ALSA: line6: sizeof (byte) is always 1, use that fact\n (bsc#1051510).\n\n - ALSA: usb-audio: Add DSD support for EVGA NU Audio\n (bsc#1051510).\n\n - ALSA: usb-audio: Add Hiby device family to quirks for\n native DSD support (bsc#1051510).\n\n - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck\n (bsc#1051510).\n\n - ALSA: usb-audio: Clean up check_input_term()\n (bsc#1051510).\n\n - ALSA: usb-audio: Disable quirks for BOSS Katana\n amplifiers (bsc#1051510).\n\n - ALSA: usb-audio: DSD auto-detection for Playback Designs\n (bsc#1051510).\n\n - ALSA: usb-audio: fix PCM device order (bsc#1051510).\n\n - ALSA: usb-audio: Fix possible NULL dereference at\n create_yamaha_midi_quirk() (bsc#1051510).\n\n - ALSA: usb-audio: More validations of descriptor units\n (bsc#1051510).\n\n - ALSA: usb-audio: remove some dead code (bsc#1051510).\n\n - ALSA: usb-audio: Remove superfluous bLength checks\n (bsc#1051510).\n\n - ALSA: usb-audio: Simplify parse_audio_unit()\n (bsc#1051510).\n\n - ALSA: usb-audio: Skip bSynchAddress endpoint check if it\n is invalid (bsc#1051510).\n\n - ALSA: usb-audio: Unify audioformat release code\n (bsc#1051510).\n\n - ALSA: usb-audio: Unify the release of\n usb_mixer_elem_info objects (bsc#1051510).\n\n - ALSA: usb-audio: Update DSD support quirks for Oppo and\n Rotel (bsc#1051510).\n\n - appletalk: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - arcnet: provide a buffer big enough to actually receive\n packets (networking-stable-19_09_30).\n\n - ASoC: Define a set of DAPM pre/post-up events\n (bsc#1051510).\n\n - ASoC: dmaengine: Make the pcm->name equal to pcm->id if\n the name is not set (bsc#1051510).\n\n - ASoC: Intel: Fix use of potentially uninitialized\n variable (bsc#1051510).\n\n - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).\n\n - ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).\n\n - ASoC: rsnd: Reinitialize bit clock inversion flag for\n every format setting (bsc#1051510).\n\n - ASoC: sgtl5000: Fix charge pump source assignment\n (bsc#1051510).\n\n - auxdisplay: panel: need to delete scan_timer when\n misc_register fails in panel_attach (bsc#1051510).\n\n - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - Blacklist 'signal: Correct namespace fixups of si_pid\n and si_uid' (bsc#1142667)\n\n - blk-wbt: abstract out end IO completion handler\n (bsc#1135873).\n\n - blk-wbt: fix has-sleeper queueing check (bsc#1135873).\n\n - blk-wbt: improve waking of tasks (bsc#1135873).\n\n - blk-wbt: move disable check into get_limit()\n (bsc#1135873).\n\n - blk-wbt: use wq_has_sleeper() for wq active check\n (bsc#1135873).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout\n handler (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout\n handler (bsc#1148410).\n\n - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth\n devices (bsc#1051510).\n\n - bnx2x: Fix VF's VLAN reconfiguration in reload\n (bsc#1086323 ).\n\n - bnxt_en: Add PCI IDs for 57500 series NPAR devices\n (bsc#1153607).\n\n - bpf: fix use after free in prog symbol exposure\n (bsc#1083647).\n\n - bridge/mdb: remove wrong use of NLM_F_MULTI\n (networking-stable-19_09_15).\n\n - btrfs: bail out gracefully rather than BUG_ON\n (bsc#1153646).\n\n - btrfs: block-group: Fix a memory leak due to missing\n btrfs_put_block_group() (bsc#1155178).\n\n - btrfs: check for the full sync flag while holding the\n inode lock during fsync (bsc#1153713).\n\n - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to\n date values (bsc#1154651).\n\n - btrfs: Ensure replaced device does not have pending\n chunk allocation (bsc#1154607).\n\n - btrfs: qgroup: Always free PREALLOC META reserve in\n btrfs_delalloc_release_extents() (bsc#1155179).\n\n - btrfs: remove wrong use of volume_mutex from\n btrfs_dev_replace_start (bsc#1154651).\n\n - btrfs: tracepoints: Fix bad entry members of qgroup\n events (bsc#1155186).\n\n - btrfs: tracepoints: Fix wrong parameter order for qgroup\n events (bsc#1155184).\n\n - can: mcp251x: mcp251x_hw_reset(): allow more time after\n a reset (bsc#1051510).\n\n - can: xilinx_can: xcan_probe(): skip error message on\n deferred probe (bsc#1051510).\n\n - cdc_ether: fix rndis support for Mediatek based\n smartphones (networking-stable-19_09_15).\n\n - cdc_ncm: fix divide-by-zero caused by invalid\n wMaxPacketSize (bsc#1051510).\n\n - ceph: fix directories inode i_blkbits initialization\n (bsc#1153717).\n\n - ceph: reconnect connection if session hang in opening\n state (bsc#1153718).\n\n - ceph: update the mtime when truncating up (bsc#1153719).\n\n - cfg80211: add and use strongly typed element iteration\n macros (bsc#1051510).\n\n - cfg80211: Purge frame registrations on iftype change\n (bsc#1051510).\n\n - clk: at91: select parent if main oscillator or bypass is\n enabled (bsc#1051510).\n\n - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).\n\n - clk: sirf: Do not reference clk_init_data after\n registration (bsc#1051510).\n\n - clk: zx296718: Do not reference clk_init_data after\n registration (bsc#1051510).\n\n - crypto: af_alg - consolidation of duplicate code\n (bsc#1154737).\n\n - crypto: af_alg - fix race accessing cipher request\n (bsc#1154737).\n\n - crypto: af_alg - Fix race around ctx->rcvused by making\n it atomic_t (bsc#1154737).\n\n - crypto: af_alg - Initialize sg_num_bytes in error code\n path (bsc#1051510).\n\n - crypto: af_alg - remove locking in async callback\n (bsc#1154737).\n\n - crypto: af_alg - update correct dst SGL entry\n (bsc#1051510).\n\n - crypto: af_alg - wait for data at beginning of recvmsg\n (bsc#1154737).\n\n - crypto: algif_aead - copy AAD from src to dst\n (bsc#1154737).\n\n - crypto: algif_aead - fix reference counting of null\n skcipher (bsc#1154737).\n\n - crypto: algif_aead - overhaul memory management\n (bsc#1154737).\n\n - crypto: algif_aead - skip SGL entries with NULL page\n (bsc#1154737).\n\n - crypto: algif - return error code when no data was\n processed (bsc#1154737).\n\n - crypto: algif_skcipher - overhaul memory management\n (bsc#1154737).\n\n - crypto: talitos - fix missing break in switch statement\n (bsc#1142635).\n\n - cxgb4: do not dma memory off of the stack (bsc#1152790).\n\n - cxgb4: fix endianness for vlan value in cxgb4_tc_flower\n (bsc#1064802 bsc#1066129).\n\n - cxgb4:Fix out-of-bounds MSI-X info array access\n (networking-stable-19_10_05).\n\n - cxgb4: offload VLAN flows regardless of VLAN ethtype\n (bsc#1064802 bsc#1066129).\n\n - cxgb4: reduce kernel stack usage in\n cudbg_collect_mem_region() (bsc#1073513).\n\n - cxgb4: Signedness bug in init_one() (bsc#1097585\n bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583\n bsc#1097584).\n\n - cxgb4: smt: Add lock for atomic_dec_and_test\n (bsc#1064802 bsc#1066129).\n\n - dasd_fba: Display '00000000' for zero page when dumping\n sense\n\n - /dev/mem: Bail out upon SIGKILL (git-fixes).\n\n - drm: add __user attribute to ptr_to_compat()\n (bsc#1111666).\n\n - drm/amd/display: fix issue where 252-255 values are\n clipped (bsc#1111666).\n\n - drm/amd/display: reprogram VM config when system resume\n (bsc#1111666).\n\n - drm/amd/display: Restore backlight brightness after\n system resume (bsc#1112178)\n\n - drm/amd/display: support spdif (bsc#1111666).\n\n - drm/amd/dm: Understand why attaching path/tile\n properties are needed (bsc#1111666).\n\n - drm/amdgpu: Check for valid number of registers to read\n (bsc#1051510).\n\n - drm/amdgpu: Fix KFD-related kernel oops on Hawaii\n (bsc#1111666).\n\n - drm/amdgpu/gfx9: Update gfx9 golden settings\n (bsc#1111666).\n\n - drm/amdgpu/si: fix ASIC tests (git-fixes).\n\n - drm/amdgpu: Update gc_9_0 golden settings (bsc#1111666).\n\n - drm/amdkfd: Add missing Polaris10 ID (bsc#1111666).\n\n - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)\n (bsc#1051510).\n\n - drm/amd/pp: Fix truncated clock value when set watermark\n (bsc#1111666).\n\n - drm/ast: Fixed reboot test may cause system hanged\n (bsc#1051510).\n\n - drm/atomic_helper: Allow DPMS On<->Off changes for\n unregistered connectors (bsc#1111666).\n\n - drm/atomic_helper: Disallow new modesets on unregistered\n connectors (bsc#1111666).\n\n - drm/atomic_helper: Stop modesets on unregistered\n connectors harder (bsc#1111666).\n\n - drm/bridge: tc358767: Increase AUX transfer length limit\n (bsc#1051510).\n\n - drm/bridge: tfp410: fix memleak in get_modes()\n (bsc#1111666).\n\n - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50\n (bsc#1051510).\n\n - drm: Flush output polling on shutdown (bsc#1051510).\n\n - drm/i915: Cleanup gt powerstate from gem (bsc#1111666).\n\n - drm/i915: Fix intel_dp_mst_best_encoder() (bsc#1111666).\n\n - drm/i915/gvt: update vgpu workload head pointer\n correctly (bsc#1112178)\n\n - drm/i915: Restore sane defaults for KMS on GEM error\n load (bsc#1111666).\n\n - drm/mediatek: set DMA max segment size (bsc#1111666).\n\n - drm/msm/dsi: Fix return value check for clk_get_parent\n (bsc#1111666).\n\n - drm/msm/dsi: Implement reset correctly (bsc#1051510).\n\n - drm/nouveau/disp/nv50-: fix center/aspect-corrected\n scaling (bsc#1111666).\n\n - drm/nouveau/kms/nv50-: Do not create MSTMs for eDP\n connectors (bsc#1112178)\n\n - drm/nouveau/volt: Fix for some cards having 0 maximum\n voltage (bsc#1111666).\n\n - drm/omap: fix max fclk divider for omap36xx\n (bsc#1111666).\n\n - drm/panel: check failure cases in the probe func\n (bsc#1111666).\n\n - drm/panel: make drm_panel.h self-contained\n (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add extra quirk table\n entry for GPD MicroPC (bsc#1111666).\n\n - drm/panel: simple: fix AUO g185han01 horizontal blanking\n (bsc#1051510).\n\n - drm/radeon: Bail earlier when radeon.cik_/si_support=0\n is passed (bsc#1111666).\n\n - drm/radeon: Fix EEH during kexec (bsc#1051510).\n\n - drm: rcar-du: lvds: Fix bridge_to_rcar_lvds\n (bsc#1111666).\n\n - drm/rockchip: Check for fast link training before\n enabling psr (bsc#1111666).\n\n - drm/stm: attach gem fence to atomic state (bsc#1111666).\n\n - drm/tilcdc: Register cpufreq notifier after we have\n initialized crtc (bsc#1051510).\n\n - drm/vmwgfx: Fix double free in vmw_recv_msg()\n (bsc#1051510).\n\n - e1000e: add workaround for possible stalled packet\n (bsc#1051510).\n\n - efi/arm: Show SMBIOS bank/device location in CPER and\n GHES error logs (bsc#1152033).\n\n - efi: cper: print AER info of PCIe fatal error\n (bsc#1051510).\n\n - efi/memattr: Do not bail on zero VA if it equals the\n region's PA (bsc#1051510).\n\n - efivar/ssdt: Do not iterate over EFI vars if no SSDT\n override was specified (bsc#1051510).\n\n - firmware: dmi: Fix unlikely out-of-bounds read in\n save_mem_devices (git-fixes).\n\n - Fix AMD IOMMU kABI (bsc#1154610).\n\n - Fix KVM kABI after x86 mmu backports (bsc#1117665).\n\n - gpu: drm: radeon: Fix a possible NULL pointer\n dereference in radeon_connector_set_property()\n (bsc#1051510).\n\n - HID: apple: Fix stuck function keys when using FN\n (bsc#1051510).\n\n - HID: fix error message in hid_open_report()\n (bsc#1051510).\n\n - HID: hidraw: Fix invalid read in hidraw_ioctl\n (bsc#1051510).\n\n - HID: logitech: Fix general protection fault caused by\n Logitech driver (bsc#1051510).\n\n - HID: logitech-hidpp: do all FF cleanup in\n hidpp_ff_destroy() (bsc#1051510).\n\n - HID: prodikeys: Fix general protection fault during\n probe (bsc#1051510).\n\n - HID: sony: Fix memory corruption issue on cleanup\n (bsc#1051510).\n\n - hso: fix NULL-deref on tty open (bsc#1051510).\n\n - hwmon: (acpi_power_meter) Change log level for 'unsafe\n software power cap' (bsc#1051510).\n\n - hwrng: core - do not wait on add_early_randomness()\n (git-fixes).\n\n - i2c: riic: Clear NACK in tend isr (bsc#1051510).\n\n - IB/core, ipoib: Do not overreact to SM LID change event\n (bsc#1154108)\n\n - IB/hfi1: Remove overly conservative VM_EXEC flag check\n (bsc#1144449).\n\n - IB/mlx5: Consolidate use_umr checks into single function\n (bsc#1093205).\n\n - IB/mlx5: Fix MR re-registration flow to use UMR properly\n (bsc#1093205).\n\n - IB/mlx5: Report correctly tag matching rendezvous\n capability (bsc#1046305).\n\n - ieee802154: atusb: fix use-after-free at disconnect\n (bsc#1051510).\n\n - ieee802154: ca8210: prevent memory leak (bsc#1051510).\n\n - ieee802154: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - iio: adc: ad799x: fix probe error handling\n (bsc#1051510).\n\n - iio: light: opt3001: fix mutex unlock race\n (bsc#1051510).\n\n - ima: always return negative code for error\n (bsc#1051510).\n\n - Input: da9063 - fix capability and drop KEY_SLEEP\n (bsc#1051510).\n\n - Input: synaptics-rmi4 - avoid processing unknown IRQs\n (bsc#1051510).\n\n - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer\n Aspire A315-41 (bsc#1137799).\n\n - iommu/amd: Check PM_LEVEL_SIZE() condition in locked\n section (bsc#1154608).\n\n - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge\n systems (bsc#1137799).\n\n - iommu/amd: Remove domain->updated (bsc#1154610).\n\n - iommu/amd: Wait for completion of IOTLB flush in\n attach_device (bsc#1154611).\n\n - ipmi_si: Only schedule continuously in the thread in\n maintenance mode (bsc#1051510).\n\n - ipv6: drop incoming packets having a v4mapped source\n address (networking-stable-19_10_05).\n\n - ipv6: Fix the link time qualifier of\n 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).\n\n - ipv6: Handle missing host route in __ipv6_ifa_notify\n (networking-stable-19_10_05).\n\n - iwlwifi: pcie: fix memory leaks in\n iwl_pcie_ctxt_info_gen3_init (bsc#1111666).\n\n - ixgbe: Fix secpath usage for IPsec TX offload\n (bsc#1113994 bsc#1151807).\n\n - ixgbe: Prevent u8 wrapping of ITR value to something\n less than 10us (bsc#1101674).\n\n - ixgbe: sync the first fragment unconditionally\n (bsc#1133140).\n\n - kabi: net: sched: act_sample: fix psample group handling\n on overwrite (networking-stable-19_09_05).\n\n - kABI workaround for crypto/af_alg changes (bsc#1154737).\n\n - kABI workaround for drm_connector.registered type\n changes (bsc#1111666).\n\n - kABI workaround for snd_hda_pick_pin_fixup() changes\n (bsc#1051510).\n\n - kernel-binary.spec.in: Fix build of non-modular kernels\n (boo#1154578).\n\n - kernel-subpackage-build: create zero size ghost for\n uncompressed vmlinux (bsc#1154354).\n\n - kernel/sysctl.c: do not override max_threads provided by\n userspace (bnc#1150875).\n\n - ksm: cleanup stable_node chain collapse case\n (bnc#1144338).\n\n - ksm: fix use after free with merge_across_nodes = 0\n (bnc#1144338).\n\n - ksm: introduce ksm_max_page_sharing per page\n deduplication limit (bnc#1144338).\n\n - ksm: optimize refile of stable_node_dup at the head of\n the chain (bnc#1144338).\n\n - ksm: swap the two output parameters of chain/chain_prune\n (bnc#1144338).\n\n - kvm: Convert kvm_lock to a mutex (bsc#1117665).\n\n - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665).\n\n - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing\n host_ipi flag (bsc#1061840).\n\n - kvm: x86: add tracepoints around __direct_map and\n FNAME(fetch) (bsc#1117665).\n\n - kvm: x86: adjust kvm_mmu_page member to save 8 bytes\n (bsc#1117665).\n\n - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON\n (bsc#1117665).\n\n - kvm: x86: Do not release the page inside mmu_set_spte()\n (bsc#1117665).\n\n - kvm: x86: make FNAME(fetch) and __direct_map more\n similar (bsc#1117665).\n\n - kvm: x86, powerpc: do not allow clearing largepages\n debugfs entry (bsc#1117665).\n\n - kvm: x86: remove now unneeded hugepage gfn adjustment\n (bsc#1117665).\n\n - libertas: Add missing sentinel at end of if_usb.c\n fw_table (bsc#1051510).\n\n - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).\n\n - libnvdimm/security: provide fix for secure-erase to use\n zero-key (bsc#1149853).\n\n - lpfc: Add additional discovery log messages\n (bsc#1154521).\n\n - lpfc: Add FA-WWN Async Event reporting (bsc#1154521).\n\n - lpfc: Add FC-AL support to lpe32000 models\n (bsc#1154521).\n\n - lpfc: Add log macros to allow print by serverity or\n verbocity setting (bsc#1154521).\n\n - lpfc: Fix bad ndlp ptr in xri aborted handling\n (bsc#1154521).\n\n - lpfc: fix coverity error of dereference after null check\n (bsc#1154521).\n\n - lpfc: Fix hardlockup in lpfc_abort_handler\n (bsc#1154521).\n\n - lpfc: Fix lockdep errors in sli_ringtx_put\n (bsc#1154521).\n\n - lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count\n (bsc#1154521).\n\n - lpfc: Fix reporting of read-only fw error errors\n (bsc#1154521).\n\n - lpfc: Fix SLI3 hba in loop mode not discovering devices\n (bsc#1154521).\n\n - lpfc: Make FW logging dynamically configurable\n (bsc#1154521).\n\n - lpfc: Remove lock contention target write path\n (bsc#1154521).\n\n - lpfc: Revise interrupt coalescing for missing scenarios\n (bsc#1154521).\n\n - lpfc: Slight fast-path Performance optimizations\n (bsc#1154521).\n\n - lpfc: Update lpfc version to 12.6.0.0 (bsc#1154521).\n\n - mac80211: accept deauth frames in IBSS mode\n (bsc#1051510).\n\n - mac80211: fix txq NULL pointer dereference\n (bsc#1051510).\n\n - mac80211: Reject malformed SSID elements (bsc#1051510).\n\n - macsec: drop skb sk before calling gro_cells_receive\n (bsc#1051510).\n\n - media: atmel: atmel-isc: fix asd memory allocation\n (bsc#1135642).\n\n - media: cpia2_usb: fix memory leaks (bsc#1051510).\n\n - media: dvb-core: fix a memory leak bug (bsc#1051510).\n\n - media: exynos4-is: fix leaked of_node references\n (bsc#1051510).\n\n - media: gspca: zero usb_buf on error (bsc#1051510).\n\n - media: hdpvr: Add device num check and handling\n (bsc#1051510).\n\n - media: hdpvr: add terminating 0 at end of string\n (bsc#1051510).\n\n - media: i2c: ov5645: Fix power sequence (bsc#1051510).\n\n - media: iguanair: add sanity checks (bsc#1051510).\n\n - media: omap3isp: Do not set streaming state on random\n subdevs (bsc#1051510).\n\n - media: omap3isp: Set device on omap3isp subdevs\n (bsc#1051510).\n\n - media: ov9650: add a sanity check (bsc#1051510).\n\n - media: radio/si470x: kill urb on error (bsc#1051510).\n\n - media: saa7134: fix terminology around\n saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).\n\n - media: saa7146: add cleanup in hexium_attach()\n (bsc#1051510).\n\n - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table\n (bsc#1051510).\n\n - media: stkwebcam: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - media: ttusb-dec: Fix info-leak in\n ttusb_dec_send_command() (bsc#1051510).\n\n - memstick: jmb38x_ms: Fix an error handling path in\n 'jmb38x_ms_probe()' (bsc#1051510).\n\n - mfd: intel-lpss: Remove D3cold delay (bsc#1051510).\n\n - mISDN: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - mld: fix memory leak in mld_del_delrec()\n (networking-stable-19_09_05).\n\n - mmc: sdhci: Fix incorrect switch to HS mode\n (bsc#1051510).\n\n - mmc: sdhci: improve ADMA error reporting (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: set DMA snooping based on DMA\n coherence (bsc#1051510).\n\n - netfilter: nf_nat: do not bug when mapping already\n exists (bsc#1146612).\n\n - net: Fix null de-reference of device refcount\n (networking-stable-19_09_15).\n\n - net: fix skb use after free in netpoll\n (networking-stable-19_09_05).\n\n - net: gso: Fix skb_segment splat when splitting gso_size\n mangled skb having linear-headed frag_list\n (networking-stable-19_09_15).\n\n - net/ibmvnic: Fix EOI when running in XIVE mode\n (bsc#1089644, ltc#166495, ltc#165544, git-fixes).\n\n - net/mlx4_en: fix a memory leak bug (bsc#1046299).\n\n - net/mlx5: Add device ID of upcoming BlueField-2\n (bsc#1046303 ).\n\n - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305\n ).\n\n - net/phy: fix DP83865 10 Mbps HDX loopback disable\n function (networking-stable-19_09_30).\n\n - net: qlogic: Fix memory leak in ql_alloc_large_buffers\n (networking-stable-19_10_05).\n\n - net: qrtr: Stop rx_worker before freeing node\n (networking-stable-19_09_30).\n\n - net/rds: Fix error handling in rds_ib_add_one()\n (networking-stable-19_10_05).\n\n - net/rds: fix warn in rds_message_alloc_sgs\n (bsc#1154848).\n\n - net/rds: remove user triggered WARN_ON in rds_sendmsg\n (bsc#1154848).\n\n - net: Replace NF_CT_ASSERT() with WARN_ON()\n (bsc#1146612).\n\n - net/sched: act_sample: do not push mac header on ip6gre\n ingress (networking-stable-19_09_30).\n\n - net: sched: act_sample: fix psample group handling on\n overwrite (networking-stable-19_09_05).\n\n - net_sched: add policy validation for action attributes\n (networking-stable-19_09_30).\n\n - net_sched: fix backward compatibility for TCA_ACT_KIND\n (git-fixes).\n\n - net: stmmac: dwmac-rk: Do not fail if phy regulator is\n absent (networking-stable-19_09_05).\n\n - net: Unpublish sk from sk_reuseport_cb before call_rcu\n (networking-stable-19_10_05).\n\n - nfc: fix attrs checks in netlink interface\n (bsc#1051510).\n\n - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510).\n\n - nfc: pn533: fix use-after-free and memleaks\n (bsc#1051510).\n\n - NFSv4.1 - backchannel request should hold ref on xprt\n (bsc#1152624).\n\n - nl80211: fix NULL pointer dereference (bsc#1051510).\n\n - objtool: Clobber user CFLAGS variable (bsc#1153236).\n\n - openvswitch: change type of UPCALL_PID attribute to\n NLA_UNSPEC (networking-stable-19_09_30).\n\n - packaging: add support for riscv64\n\n - PCI: Correct pci=resource_alignment parameter example\n (bsc#1051510).\n\n - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).\n\n - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI\n domain numbers (bsc#1153263).\n\n - PCI: PM: Fix pci_power_up() (bsc#1051510).\n\n - pinctrl: cherryview: restore Strago DMI workaround for\n all versions (bsc#1111666).\n\n - pinctrl: tegra: Fix write barrier placement in\n pmx_writel (bsc#1051510).\n\n - platform/x86: classmate-laptop: remove unused variable\n (bsc#1051510).\n\n - platform/x86: i2c-multi-instantiate: Derive the device\n name from parent (bsc#1111666).\n\n - platform/x86: i2c-multi-instantiate: Fail the probe if\n no IRQ provided (bsc#1111666).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to\n critclk_systems DMI table (bsc#1051510).\n\n - powerpc/64s/pseries: radix flush translations before MMU\n is enabled at boot (bsc#1055186).\n\n - powerpc/64s/radix: keep kernel ERAT over local\n process/guest invalidates (bsc#1055186).\n\n - powerpc/64s/radix: tidy up TLB flushing code\n (bsc#1055186).\n\n - powerpc/64s: Rename PPC_INVALIDATE_ERAT to\n PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).\n\n - powerpc/mm/book3s64: Move book3s64 code to\n pgtable-book3s64 (bsc#1055186).\n\n - powerpc/mm: mark more tlb functions as __always_inline\n (bsc#1055186).\n\n - powerpc/mm: Properly invalidate when setting process\n table base (bsc#1055186).\n\n - powerpc/mm/radix: mark as __tlbie_pid() and friends\n as__always_inline (bsc#1055186).\n\n - powerpc/mm/radix: mark __radix__flush_tlb_range_psize()\n as __always_inline (bsc#1055186).\n\n - powerpc/pseries/mobility: use cond_resched when updating\n device tree (bsc#1153112 ltc#181778).\n\n - powerpc/pseries: Remove confusing warning message\n (bsc#1109158).\n\n - powerpc/rtas: allow rescheduling while changing cpu\n states (bsc#1153112 ltc#181778).\n\n - powerplay: Respect units on max dcfclk watermark\n (bsc#1111666).\n\n - power: supply: sysfs: ratelimit property read error\n message (bsc#1051510).\n\n - qed: iWARP - Fix default window size to be based on chip\n (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536\n bsc#1050545).\n\n - qed: iWARP - fix uninitialized callback (bsc#1050536\n bsc#1050545).\n\n - qed: iWARP - Use READ_ONCE and smp_store_release to\n access ep->state (bsc#1050536 bsc#1050545).\n\n - qmi_wwan: add support for Cinterion CLS8 devices\n (networking-stable-19_10_05).\n\n - r8152: Set macpassthru in reset_resume callback\n (bsc#1051510).\n\n - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' ->\n 'missing_resp' (bsc#1050244).\n\n - RDMA: Fix goto target to release the allocated memory\n (bsc#1050244).\n\n - rds: Fix warning (bsc#1154848).\n\n - Revert 'drm/amd/display: Fix underscan not using proper\n scaling' (bsc#1111666).\n\n - Revert 'drm/amd/powerplay: Enable/Disable NBPSTATE on\n On/OFF of UVD' (bsc#1111666).\n\n - Revert 'drm/radeon: Fix EEH during kexec' (bsc#1051510).\n\n - rtlwifi: rtl8192cu: Fix value set in descriptor\n (bsc#1142635).\n\n - s390/cmf: set_schib_wait add timeout (bsc#1153509,\n bsc#1153476).\n\n - s390/crypto: fix gcm-aes-s390 selftest failures\n (bsc#1137861 LTC#178091).\n\n - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash\n (networking-stable-19_10_05).\n\n - sch_dsmark: fix potential NULL deref in dsmark_init()\n (networking-stable-19_10_05).\n\n - sch_hhf: ensure quantum and hhf_non_hh_weight are\n non-zero (networking-stable-19_09_15).\n\n - sch_netem: fix a divide by zero in tabledist()\n (networking-stable-19_09_30).\n\n - scsi: lpfc: Check queue pointer before use\n (bsc#1154242).\n\n - scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt\n (bsc#1154521).\n\n - scsi: lpfc: Complete removal of FCoE T10 PI support on\n SLI-4 adapters (bsc#1154521).\n\n - scsi: lpfc: Convert existing %pf users to %ps\n (bsc#1154521).\n\n - scsi: lpfc: Fix coverity errors on NULL pointer checks\n (bsc#1154521).\n\n - scsi: lpfc: Fix device recovery errors after PLOGI\n failures (bsc#1154521).\n\n - scsi: lpfc: Fix devices that do not return after devloss\n followed by rediscovery (bsc#1137040).\n\n - scsi: lpfc: Fix discovery failures when target device\n connectivity bounces (bsc#1154521).\n\n - scsi: lpfc: Fix GPF on scsi command completion\n (bsc#1154521).\n\n - scsi: lpfc: Fix hdwq sgl locks and irq handling\n (bsc#1154521).\n\n - scsi: lpfc: Fix host hang at boot or slow boot\n (bsc#1154521).\n\n - scsi: lpfc: Fix list corruption detected in\n lpfc_put_sgl_per_hdwq (bsc#1154521).\n\n - scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq\n (bsc#1154521).\n\n - scsi: lpfc: Fix locking on mailbox command completion\n (bsc#1154521).\n\n - scsi: lpfc: Fix miss of register read failure check\n (bsc#1154521).\n\n - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo\n via sysfs attribute (bsc#1140845).\n\n - scsi: lpfc: Fix NVMe ABTS in response to receiving an\n ABTS (bsc#1154521).\n\n - scsi: lpfc: Fix NVME io abort failures causing hangs\n (bsc#1154521).\n\n - scsi: lpfc: Fix premature re-enabling of interrupts in\n lpfc_sli_host_down (bsc#1154521).\n\n - scsi: lpfc: Fix propagation of devloss_tmo setting to\n nvme transport (bsc#1140883).\n\n - scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs\n (bsc#1154521).\n\n - scsi: lpfc: Fix rpi release when deleting vport\n (bsc#1154521).\n\n - scsi: lpfc: Fix spinlock_irq issues in\n lpfc_els_flush_cmd() (bsc#1154521).\n\n - scsi: lpfc: Make function lpfc_defer_pt2pt_acc static\n (bsc#1154521).\n\n - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).\n\n - scsi: lpfc: remove left-over BUILD_NVME defines\n (bsc#1154268).\n\n - scsi: lpfc: Update async event logging (bsc#1154521).\n\n - scsi: lpfc: Update lpfc version to 12.4.0.1\n (bsc#1154521).\n\n - scsi: qedf: fc_rport_priv reference counting fixes\n (bsc#1098291).\n\n - scsi: qedf: Modify abort and tmf handler to handle edge\n condition and flush (bsc#1098291).\n\n - scsi: qla2xxx: Add error handling for PLOGI ELS\n passthrough (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi
(RHSA-2020:0790) Important: kernel security and bug fix update
