Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
* kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* RHEL7.7 - s390/dasd: Fix zero write for FBA devices (BZ#1931440)
* Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1961623)
Affected Package
Related
{"id": "RHSA-2021:2523", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:2523) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL7.7 - s390/dasd: Fix zero write for FBA devices (BZ#1931440)\n\n* Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1961623)", "published": "2021-06-22T15:55:49", "modified": "2021-06-22T17:00:49", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2021:2523", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-12362", "CVE-2020-15436"], "immutableFields": [], "lastseen": "2021-10-19T20:40:09", "viewCount": 108, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1578", "ALSA-2021:1620"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2021:2314"]}, {"type": "cve", "idList": ["CVE-2020-12362", "CVE-2020-15436"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-12362", "DEBIANCVE:CVE-2020-15436"]}, {"type": "hp", "idList": ["HP:C07023592"]}, {"type": "ibm", "idList": ["0AC735C19116A7FB66D9921F93B7D9FF1E6BB4F1F2A9AF8B4AA371BC3E7211BE", "4777AA656AFE2A7E99CB0D93F8BE73D4229AC1A8C767E59363E711B828FD7059", "4A13A3496FCF6B846B2A1DE1CDC0810F64A5ABAB123B9000E74EC8183260175D", "76523CA6ED9F13FF53F8FE827130B4B536110FD08A6CE82CEB4E3150DA65DF24", "B89616326F2ACA4483A6FD1036A987B8D2828930F6AC900D37AB085C7941179D"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00438"]}, {"type": "lenovo", "idList": ["LENOVO:PS500393-INTEL-GRAPHICS-DRIVERS-ADVISORY-NOSID"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-1578.NASL", "ALMA_LINUX_ALSA-2021-1620.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS8_RHSA-2021-1620.NASL", "CENTOS_RHSA-2021-2314.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2021-2140.NASL", "EULEROS_SA-2022-2826.NASL", "EULEROS_SA-2022-2851.NASL", "EULEROS_SA-2023-1107.NASL", "EULEROS_SA-2023-1131.NASL", "EULEROS_SA-2023-1150.NASL", "EULEROS_SA-2023-1171.NASL", "NEWSTART_CGSL_NS-SA-2022-0063_LINUX-FIRMWARE.NASL", "NUTANIX_NXSA-AOS-5_15_6.NASL", "NUTANIX_NXSA-AOS-5_19_1_5.NASL", "NUTANIX_NXSA-AOS-5_19_2.NASL", "NUTANIX_NXSA-AOS-5_20_2.NASL", "NUTANIX_NXSA-AOS-6_0.NASL", "NUTANIX_NXSA-AOS-6_0_1.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2021-242.NASL", "OPENSUSE-2021-393.NASL", "OPENSUSE-2021-407.NASL", "ORACLELINUX_ELSA-2021-0336.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-2314.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLELINUX_ELSA-2021-9434.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "REDHAT-RHSA-2021-0336.NASL", "REDHAT-RHSA-2021-0338.NASL", "REDHAT-RHSA-2021-0354.NASL", "REDHAT-RHSA-2021-1376.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1620.NASL", "REDHAT-RHSA-2021-1739.NASL", "REDHAT-RHSA-2021-2106.NASL", "REDHAT-RHSA-2021-2164.NASL", "REDHAT-RHSA-2021-2185.NASL", "REDHAT-RHSA-2021-2190.NASL", "REDHAT-RHSA-2021-2293.NASL", "REDHAT-RHSA-2021-2314.NASL", "REDHAT-RHSA-2021-2316.NASL", "REDHAT-RHSA-2021-2355.NASL", "REDHAT-RHSA-2021-2523.NASL", "REDHAT-RHSA-2021-2735.NASL", "SL_20210202_KERNEL_ON_SL7_X.NASL", "SL_20210609_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-0735-1.NASL", "SUSE_SU-2021-0741-1.NASL", "SUSE_SU-2021-14630-1.NASL", "UBUNTU_USN-4752-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-0336", "ELSA-2021-1578", "ELSA-2021-2314", "ELSA-2021-9002", "ELSA-2021-9005", "ELSA-2021-9008", "ELSA-2021-9434"]}, {"type": "osv", "idList": ["OSV:ASB-A-174737742"]}, {"type": "photon", "idList": ["PHSA-2020-0153", "PHSA-2020-0309", "PHSA-2020-1.0-0309", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0153"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:C16BBF82FBCDBD2158DDC05C0775BB31"]}, {"type": "redhat", "idList": ["RHSA-2021:0336", "RHSA-2021:0338", "RHSA-2021:0354", "RHSA-2021:0607", "RHSA-2021:0719", "RHSA-2021:1376", "RHSA-2021:1578", "RHSA-2021:1620", "RHSA-2021:1739", "RHSA-2021:2106", "RHSA-2021:2121", "RHSA-2021:2136", "RHSA-2021:2164", "RHSA-2021:2185", "RHSA-2021:2190", "RHSA-2021:2293", "RHSA-2021:2314", "RHSA-2021:2316", "RHSA-2021:2355", "RHSA-2021:2461", "RHSA-2021:2735", "RHSA-2021:2920", "RHSA-2021:3119"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-12362", "RH:CVE-2020-15436"]}, {"type": "rocky", "idList": ["RLSA-2021:1620"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0242-1", "OPENSUSE-SU-2021:0393-1", "OPENSUSE-SU-2021:0407-1"]}, {"type": "threatpost", "idList": ["THREATPOST:656059F49183C61351DFDB08465E451D"]}, {"type": "ubuntu", "idList": ["USN-4752-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-12362", "UB:CVE-2020-15436"]}, {"type": "veracode", "idList": ["VERACODE:28083", "VERACODE:30552"]}, {"type": "virtuozzo", "idList": ["VZA-2021-040"]}]}, "score": {"value": 2.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1578", "ALSA-2021:1620"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-04-01"]}, {"type": "centos", "idList": ["CESA-2021:2314"]}, {"type": "cve", "idList": ["CVE-2020-12362", "CVE-2020-15436"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-12362"]}, {"type": "hp", "idList": ["HP:C07023592"]}, {"type": "ibm", "idList": ["4A13A3496FCF6B846B2A1DE1CDC0810F64A5ABAB123B9000E74EC8183260175D", "76523CA6ED9F13FF53F8FE827130B4B536110FD08A6CE82CEB4E3150DA65DF24", "B89616326F2ACA4483A6FD1036A987B8D2828930F6AC900D37AB085C7941179D"]}, {"type": "lenovo", "idList": ["LENOVO:PS500393-INTEL-GRAPHICS-DRIVERS-ADVISORY-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/UBUNTU-CVE-2020-28588/"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-1578.NASL", "CENTOS8_RHSA-2021-1620.NASL", "CENTOS_RHSA-2021-2314.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-2140.NASL", "OPENSUSE-2021-242.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-2314.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "REDHAT-RHSA-2021-1376.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1620.NASL", "REDHAT-RHSA-2021-1739.NASL", "REDHAT-RHSA-2021-2106.NASL", "REDHAT-RHSA-2021-2164.NASL", "REDHAT-RHSA-2021-2185.NASL", "REDHAT-RHSA-2021-2190.NASL", "REDHAT-RHSA-2021-2293.NASL", "REDHAT-RHSA-2021-2314.NASL", "REDHAT-RHSA-2021-2316.NASL", "REDHAT-RHSA-2021-2355.NASL", "REDHAT-RHSA-2021-2735.NASL", "REDHAT_UPDATE_LEVEL.NASL", "SL_20210609_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-14630-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-1578", "ELSA-2021-2314", "ELSA-2021-9002", "ELSA-2021-9005", "ELSA-2021-9008"]}, {"type": "photon", "idList": ["PHSA-2020-1.0-0309", "PHSA-2020-3.0-0153"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:C16BBF82FBCDBD2158DDC05C0775BB31"]}, {"type": "redhat", "idList": ["RHSA-2021:1620"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-12362"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0242-1", "OPENSUSE-SU-2021:0393-1", "OPENSUSE-SU-2021:0407-1"]}, {"type": "threatpost", "idList": ["THREATPOST:656059F49183C61351DFDB08465E451D"]}, {"type": "ubuntu", "idList": ["USN-4752-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-12362", "UB:CVE-2020-15436"]}, {"type": "virtuozzo", "idList": ["VZA-2021-040"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-12362", "epss": "0.000440000", "percentile": "0.102230000", "modified": "2023-03-17"}, {"cve": "CVE-2020-15436", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-16"}], "vulnersScore": 2.2}, "_state": {"dependencies": 1678920471, "score": 1678921101, "epss": 1679073339}, "_internal": {"score_hash": "0e49b801e6659fede79962776f29695e"}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "bpftool-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-bootwrapper-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-bootwrapper"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debuginfo-common-s390x-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-debuginfo-common-s390x"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "perf-debuginfo-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "bpftool-debuginfo-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "bpftool-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-bootwrapper-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-bootwrapper"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "perf-debuginfo-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "python-perf-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "python-perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "python-perf-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "python-perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-libs-devel-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-kdump-devel-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-kdump-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-headers-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "bpftool-debuginfo-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "bpftool-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-devel-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-libs-devel-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-debuginfo-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-tools-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-devel-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-debuginfo-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debug-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-headers-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "perf-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "python-perf-debuginfo-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "python-perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-abi-whitelists-3.10.0-1062.51.1.el7.noarch.rpm", "operator": "lt", "packageName": "kernel-abi-whitelists"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-doc-3.10.0-1062.51.1.el7.noarch.rpm", "operator": "lt", "packageName": "kernel-doc"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-libs-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-kdump-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-kdump"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-debuginfo-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debuginfo-common-x86_64-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debuginfo-common-x86_64"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-devel-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debuginfo-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-libs-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "perf-debuginfo-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "python-perf-debuginfo-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "python-perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-headers-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "bpftool-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-devel-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-debuginfo-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "perf-debuginfo-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "perf-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-devel-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "python-perf-debuginfo-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "python-perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-debuginfo-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-debug-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-libs-devel-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "python-perf-debuginfo-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "python-perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-3.10.0-1062.51.1.el7.src.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "bpftool-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-debuginfo-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-debug-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debuginfo-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-devel-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "python-perf-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "python-perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debug-devel-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-libs-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debuginfo-common-ppc64le-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debuginfo-common-ppc64le"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-debuginfo-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-tools-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debuginfo-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-headers-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "bpftool-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "bpftool-debuginfo-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "bpftool-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debuginfo-common-ppc64-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "kernel-debuginfo-common-ppc64"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-devel-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "python-perf-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "python-perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "perf-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "bpftool-debuginfo-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "bpftool-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-tools-3.10.0-1062.51.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-kdump-debuginfo-3.10.0-1062.51.1.el7.s390x.rpm", "operator": "lt", "packageName": "kernel-kdump-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "kernel-debuginfo-3.10.0-1062.51.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.10.0-1062.51.1.el7", "packageFilename": "perf-3.10.0-1062.51.1.el7.ppc64.rpm", "operator": "lt", "packageName": "perf"}], "vendorCvss": {"severity": "important"}}
{"nessus": [{"lastseen": "2023-01-26T14:45:03", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2523 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-23T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:2523)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-15436"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2523.NASL", "href": "https://www.tenable.com/plugins/nessus/150963", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2523. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150963);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-12362\", \"CVE-2020-15436\");\n script_xref(name:\"RHSA\", value:\"2021:2523\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:2523)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2523 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15436\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(190, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-12362', 'CVE-2020-15436');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2523');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.51.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.51.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-09T14:48:30", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:1620 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "CentOS 8 : linux-firmware (CESA-2021:1620)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:iwl100-firmware", "p-cpe:/a:centos:centos:iwl1000-firmware", "p-cpe:/a:centos:centos:iwl105-firmware", "p-cpe:/a:centos:centos:iwl135-firmware", "p-cpe:/a:centos:centos:iwl2000-firmware", "p-cpe:/a:centos:centos:iwl2030-firmware", "p-cpe:/a:centos:centos:iwl3160-firmware", "p-cpe:/a:centos:centos:iwl3945-firmware", "p-cpe:/a:centos:centos:iwl4965-firmware", "p-cpe:/a:centos:centos:iwl5000-firmware", "p-cpe:/a:centos:centos:iwl5150-firmware", "p-cpe:/a:centos:centos:iwl6000-firmware", "p-cpe:/a:centos:centos:iwl6000g2a-firmware", "p-cpe:/a:centos:centos:iwl6000g2b-firmware", "p-cpe:/a:centos:centos:iwl6050-firmware", "p-cpe:/a:centos:centos:iwl7260-firmware", "p-cpe:/a:centos:centos:libertas-sd8686-firmware", "p-cpe:/a:centos:centos:libertas-sd8787-firmware", "p-cpe:/a:centos:centos:libertas-usb8388-firmware", "p-cpe:/a:centos:centos:libertas-usb8388-olpc-firmware", "p-cpe:/a:centos:centos:linux-firmware"], "id": "CENTOS8_RHSA-2021-1620.NASL", "href": "https://www.tenable.com/plugins/nessus/149764", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1620. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149764);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\"CVE-2020-12362\");\n script_xref(name:\"RHSA\", value:\"2021:1620\");\n\n script_name(english:\"CentOS 8 : linux-firmware (CESA-2021:1620)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:1620 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1620\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl100-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl1000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl105-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl135-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl2000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl2030-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl3160-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl3945-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl4965-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl5000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl5150-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl6000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl6000g2a-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl6000g2b-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl6050-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iwl7260-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libertas-sd8686-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libertas-sd8787-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libertas-usb8388-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libertas-usb8388-olpc-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:linux-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'iwl100-firmware-39.31.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl1000-firmware-39.31.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl105-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl135-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2000-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2030-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl3160-firmware-25.30.13.0-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl3945-firmware-15.32.2.9-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl4965-firmware-228.61.2.24-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5000-firmware-8.83.5.1_1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5150-firmware-8.24.2.2-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000-firmware-9.221.4.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2a-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2b-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6050-firmware-41.28.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl7260-firmware-25.30.13.0-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libertas-sd8686-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-sd8787-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-usb8388-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-usb8388-olpc-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'linux-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'iwl100-firmware / iwl1000-firmware / iwl105-firmware / iwl135-firmware / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T15:53:53", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2293 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:2293)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.3", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2293.NASL", "href": "https://www.tenable.com/plugins/nessus/150350", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2293. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150350);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-12362\");\n script_xref(name:\"RHSA\", value:\"2021:2293\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:2293)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:2293 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.3')) audit(AUDIT_OS_NOT, 'Red Hat 7.3', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-12362');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2293');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.3/x86_64/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.3/x86_64/os',\n 'content/aus/rhel/server/7/7.3/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-514.89.1.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.89.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T14:43:08", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0336 advisory.\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2021-0336)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436", "CVE-2020-35513"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-0336.NASL", "href": "https://www.tenable.com/plugins/nessus/146078", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0336.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146078);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2020-15436\", \"CVE-2020-35513\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2021-0336)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0336 advisory.\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system)\n functionality was found in the way user create and delete object using NFSv4.2 or newer if both\n simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to\n the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0336.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.15.2.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-0336');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.15.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:37:09", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0338 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2021:0338)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436", "CVE-2020-35513"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2021-0338.NASL", "href": "https://www.tenable.com/plugins/nessus/146082", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0338. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146082);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-15436\", \"CVE-2020-35513\");\n script_xref(name:\"RHSA\", value:\"2021:0338\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2021:0338)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0338 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1911309\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(271, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-15436', 'CVE-2020-35513');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0338');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1160.15.2.rt56.1152.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.15.2.rt56.1152.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:36:04", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0336 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:0336)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436", "CVE-2020-35513"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-0336.NASL", "href": "https://www.tenable.com/plugins/nessus/146076", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0336. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146076);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-15436\", \"CVE-2020-35513\");\n script_xref(name:\"RHSA\", value:\"2021:0336\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:0336)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0336 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1911309\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(271, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-15436', 'CVE-2020-35513');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0336');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.15.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.15.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T14:14:57", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:0336-1 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-02T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:0336)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436", "CVE-2020-35513"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:2.3:a:fermilab:scientific_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debug-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:python-perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-tools-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:bpftool-debuginfo:*:*:*:*:*:*:*", "cpe:2.3:o:fermilab:scientific_linux:*:*:*:*:*:*:*:*"], "id": "SL_20210202_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/146064", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146064);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2020-15436\", \"CVE-2020-35513\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:0336\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:0336)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:0336-1 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20210336-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'bpftool-debuginfo-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.15.2.el7', 'release':'SL7'},\n {'reference':'kernel-debug-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-debug-debuginfo-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-debug-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-debuginfo-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-headers-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-tools-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-tools-debuginfo-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-tools-libs-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'perf-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'perf-debuginfo-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'python-perf-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'python-perf-debuginfo-3.10.0-1160.15.2.el7', 'cpu':'x86_64', 'release':'SL7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:53:46", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9434 advisory.\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2021-9434)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2021-3347"], "modified": "2021-08-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9434.NASL", "href": "https://www.tenable.com/plugins/nessus/152912", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9434.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152912);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2020-12362\", \"CVE-2021-3347\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2021-9434)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9434 advisory.\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9434.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-754.35.1.0.5.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9434');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-754.35.1.0.5.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-754.35.1.0.5.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-754.35.1.0.5.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.35.1.0.5.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.35.1.0.5.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.35.1.0.5.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.35.1.0.5.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.35.1.0.5.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.35.1.0.5.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-754.35.1.0.5.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.35.1.0.5.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.35.1.0.5.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-754.35.1.0.5.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.35.1.0.5.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.35.1.0.5.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.35.1.0.5.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-09T15:13:19", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0354 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-02T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2021:0354)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436", "CVE-2020-1749", "CVE-2020-29661"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-0354.NASL", "href": "https://www.tenable.com/plugins/nessus/146055", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0354. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146055);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-1749\", \"CVE-2020-15436\", \"CVE-2020-29661\");\n script_xref(name:\"RHSA\", value:\"2021:0354\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2021:0354)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0354 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1809833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-abi-whitelists package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(319, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-1749', 'CVE-2020-15436', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0354');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-abi-whitelists-4.14.0-115.35.1.el7a', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-abi-whitelists');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T15:51:44", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1620 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : linux-firmware (RHSA-2021:1620)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:iwl100-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl1000-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl105-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl135-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl2000-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl2030-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl3160-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl3945-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl4965-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl5000-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl5150-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl6000-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl6000g2a-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl6000g2b-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl6050-firmware", "p-cpe:/a:redhat:enterprise_linux:iwl7260-firmware", "p-cpe:/a:redhat:enterprise_linux:libertas-sd8686-firmware", "p-cpe:/a:redhat:enterprise_linux:libertas-sd8787-firmware", "p-cpe:/a:redhat:enterprise_linux:libertas-usb8388-firmware", "p-cpe:/a:redhat:enterprise_linux:libertas-usb8388-olpc-firmware", "p-cpe:/a:redhat:enterprise_linux:linux-firmware"], "id": "REDHAT-RHSA-2021-1620.NASL", "href": "https://www.tenable.com/plugins/nessus/149703", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1620. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149703);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-12362\");\n script_xref(name:\"RHSA\", value:\"2021:1620\");\n\n script_name(english:\"RHEL 8 : linux-firmware (RHSA-2021:1620)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1620 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930251\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl100-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl1000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl105-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl135-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl2000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl2030-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl3160-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl3945-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl4965-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl5000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl5150-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl6000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl6000g2a-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl6000g2b-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl6050-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iwl7260-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libertas-sd8686-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libertas-sd8787-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libertas-usb8388-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libertas-usb8388-olpc-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:linux-firmware\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'iwl100-firmware-39.31.5.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl1000-firmware-39.31.5.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl105-firmware-18.168.6.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl135-firmware-18.168.6.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2000-firmware-18.168.6.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2030-firmware-18.168.6.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl3160-firmware-25.30.13.0-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl3945-firmware-15.32.2.9-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl4965-firmware-228.61.2.24-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5000-firmware-8.83.5.1_1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5150-firmware-8.24.2.2-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000-firmware-9.221.4.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2a-firmware-18.168.6.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2b-firmware-18.168.6.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6050-firmware-41.28.5.1-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl7260-firmware-25.30.13.0-102.el8.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libertas-sd8686-firmware-20201218-102.git05789708.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-sd8787-firmware-20201218-102.git05789708.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-usb8388-firmware-20201218-102.git05789708.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'libertas-usb8388-olpc-firmware-20201218-102.git05789708.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'linux-firmware-20201218-102.git05789708.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'iwl100-firmware-39.31.5.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl1000-firmware-39.31.5.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl105-firmware-18.168.6.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl135-firmware-18.168.6.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2000-firmware-18.168.6.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2030-firmware-18.168.6.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl3160-firmware-25.30.13.0-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl3945-firmware-15.32.2.9-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl4965-firmware-228.61.2.24-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5000-firmware-8.83.5.1_1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5150-firmware-8.24.2.2-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000-firmware-9.221.4.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2a-firmware-18.168.6.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2b-firmware-18.168.6.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6050-firmware-41.28.5.1-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl7260-firmware-25.30.13.0-102.el8.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libertas-sd8686-firmware-20201218-102.git05789708.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-sd8787-firmware-20201218-102.git05789708.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-usb8388-firmware-20201218-102.git05789708.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'libertas-usb8388-olpc-firmware-20201218-102.git05789708.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'linux-firmware-20201218-102.git05789708.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'iwl100-firmware-39.31.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl1000-firmware-39.31.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl105-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl135-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2000-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2030-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl3160-firmware-25.30.13.0-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl3945-firmware-15.32.2.9-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl4965-firmware-228.61.2.24-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5000-firmware-8.83.5.1_1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5150-firmware-8.24.2.2-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000-firmware-9.221.4.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2a-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2b-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6050-firmware-41.28.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl7260-firmware-25.30.13.0-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libertas-sd8686-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-sd8787-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-usb8388-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'libertas-usb8388-olpc-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'linux-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'iwl100-firmware / iwl1000-firmware / iwl105-firmware / iwl135-firmware / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T14:56:14", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2735 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-02T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2021:2735)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2021-3347", "CVE-2021-33909"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_els:6", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2735.NASL", "href": "https://www.tenable.com/plugins/nessus/155787", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2735. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155787);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-12362\", \"CVE-2021-3347\", \"CVE-2021-33909\");\n script_xref(name:\"RHSA\", value:\"2021:2735\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2021:2735)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2735 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970273\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(190, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_els:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-12362', 'CVE-2021-3347', 'CVE-2021-33909');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2735');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/6/6Client/i386/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/os',\n 'content/dist/rhel/client/6/6Client/i386/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/os',\n 'content/dist/rhel/client/6/6Client/i386/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/os',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/os',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/os',\n 'content/dist/rhel/client/6/6Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/os',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/optional/debug',\n 'content/dist/rhel/server/6/6Server/i386/optional/os',\n 'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/os',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/os',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/os',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/os',\n 'content/els/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/os',\n 'content/els/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/os',\n 'content/els/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/debug',\n 'content/fastrack/rhel/client/6/i386/optional/debug',\n 'content/fastrack/rhel/client/6/i386/optional/os',\n 'content/fastrack/rhel/client/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/os',\n 'content/fastrack/rhel/client/6/i386/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/os',\n 'content/fastrack/rhel/client/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/os',\n 'content/fastrack/rhel/client/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/os',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/os',\n 'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/os',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/optional/debug',\n 'content/fastrack/rhel/server/6/i386/optional/os',\n 'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/server/6/x86_64/hpn/os',\n 'content/fastrack/rhel/server/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/optional/debug',\n 'content/fastrack/rhel/server/6/x86_64/optional/os',\n 'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/os',\n 'content/fastrack/rhel/system-z/6/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/os',\n 'content/fastrack/rhel/system-z/6/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/os',\n 'content/fastrack/rhel/workstation/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/os',\n 'content/fastrack/rhel/workstation/6/i386/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-2.6.32-754.41.2.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-2.6.32-754.41.2.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-2.6.32-754.41.2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-2.6.32-754.41.2.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-2.6.32-754.41.2.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-2.6.32-754.41.2.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-2.6.32-754.41.2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-2.6.32-754.41.2.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-2.6.32-754.41.2.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-2.6.32-754.41.2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-2.6.32-754.41.2.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-2.6.32-754.41.2.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-2.6.32-754.41.2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-firmware-2.6.32-754.41.2.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-2.6.32-754.41.2.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-2.6.32-754.41.2.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.41.2.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.41.2.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.41.2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.41.2.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.41.2.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.41.2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-09T18:45:47", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1620 advisory.\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : linux-firmware (ALSA-2021:1620)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:iwl100-firmware", "p-cpe:/a:alma:linux:iwl1000-firmware", "p-cpe:/a:alma:linux:iwl105-firmware", "p-cpe:/a:alma:linux:iwl135-firmware", "p-cpe:/a:alma:linux:iwl2000-firmware", "p-cpe:/a:alma:linux:iwl2030-firmware", "p-cpe:/a:alma:linux:iwl3160-firmware", "p-cpe:/a:alma:linux:iwl3945-firmware", "p-cpe:/a:alma:linux:iwl4965-firmware", "p-cpe:/a:alma:linux:iwl5000-firmware", "p-cpe:/a:alma:linux:iwl5150-firmware", "p-cpe:/a:alma:linux:iwl6000-firmware", "p-cpe:/a:alma:linux:iwl6000g2a-firmware", "p-cpe:/a:alma:linux:iwl6000g2b-firmware", "p-cpe:/a:alma:linux:iwl6050-firmware", "p-cpe:/a:alma:linux:iwl7260-firmware", "p-cpe:/a:alma:linux:libertas-sd8686-firmware", "p-cpe:/a:alma:linux:libertas-sd8787-firmware", "p-cpe:/a:alma:linux:libertas-usb8388-firmware", "p-cpe:/a:alma:linux:libertas-usb8388-olpc-firmware", "p-cpe:/a:alma:linux:linux-firmware", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1620.NASL", "href": "https://www.tenable.com/plugins/nessus/157684", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1620.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157684);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2020-12362\", \"CVE-2020-12363\", \"CVE-2020-12364\");\n script_xref(name:\"ALSA\", value:\"2021:1620\");\n\n script_name(english:\"AlmaLinux 8 : linux-firmware (ALSA-2021:1620)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:1620 advisory.\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1620.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl100-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl1000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl105-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl135-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl2000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl2030-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl3160-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl3945-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl4965-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl5000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl5150-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl6000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl6000g2a-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl6000g2b-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl6050-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:iwl7260-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libertas-sd8686-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libertas-sd8787-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libertas-usb8388-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libertas-usb8388-olpc-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:linux-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'iwl100-firmware-39.31.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl1000-firmware-39.31.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl105-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl135-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2000-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl2030-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl3160-firmware-25.30.13.0-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'iwl3945-firmware-15.32.2.9-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl4965-firmware-228.61.2.24-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5000-firmware-8.83.5.1_1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl5150-firmware-8.24.2.2-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000-firmware-9.221.4.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2a-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6000g2b-firmware-18.168.6.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl6050-firmware-41.28.5.1-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'iwl7260-firmware-25.30.13.0-102.el8.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libertas-sd8686-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-sd8787-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libertas-usb8388-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'libertas-usb8388-olpc-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'linux-firmware-20201218-102.git05789708.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'iwl100-firmware / iwl1000-firmware / iwl105-firmware / iwl135-firmware / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T16:51:29", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has linux-firmware packages installed that are affected by multiple vulnerabilities:\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : linux-firmware Multiple Vulnerabilities (NS-SA-2022-0063)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:iwl100-firmware", "p-cpe:/a:zte:cgsl_main:iwl1000-firmware", "p-cpe:/a:zte:cgsl_main:iwl105-firmware", "p-cpe:/a:zte:cgsl_main:iwl135-firmware", "p-cpe:/a:zte:cgsl_main:iwl2000-firmware", "p-cpe:/a:zte:cgsl_main:iwl2030-firmware", "p-cpe:/a:zte:cgsl_main:iwl3160-firmware", "p-cpe:/a:zte:cgsl_main:iwl3945-firmware", "p-cpe:/a:zte:cgsl_main:iwl4965-firmware", "p-cpe:/a:zte:cgsl_main:iwl5000-firmware", "p-cpe:/a:zte:cgsl_main:iwl5150-firmware", "p-cpe:/a:zte:cgsl_main:iwl6000-firmware", "p-cpe:/a:zte:cgsl_main:iwl6000g2a-firmware", "p-cpe:/a:zte:cgsl_main:iwl6000g2b-firmware", "p-cpe:/a:zte:cgsl_main:iwl6050-firmware", "p-cpe:/a:zte:cgsl_main:iwl7260-firmware", "p-cpe:/a:zte:cgsl_main:libertas-sd8686-firmware", "p-cpe:/a:zte:cgsl_main:libertas-sd8787-firmware", "p-cpe:/a:zte:cgsl_main:libertas-usb8388-firmware", "p-cpe:/a:zte:cgsl_main:libertas-usb8388-olpc-firmware", "p-cpe:/a:zte:cgsl_main:linux-firmware", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0063_LINUX-FIRMWARE.NASL", "href": "https://www.tenable.com/plugins/nessus/160744", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0063. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160744);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-12362\", \"CVE-2020-12363\", \"CVE-2020-12364\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : linux-firmware Multiple Vulnerabilities (NS-SA-2022-0063)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has linux-firmware packages installed that are affected by\nmultiple vulnerabilities:\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0063\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12363\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12364\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL linux-firmware packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl100-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl1000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl105-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl135-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl2000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl2030-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl3160-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl3945-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl4965-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl5000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl5150-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl6000-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl6000g2a-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl6000g2b-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl6050-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:iwl7260-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libertas-sd8686-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libertas-sd8787-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libertas-usb8388-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libertas-usb8388-olpc-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:linux-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'iwl100-firmware-39.31.5.1-102.el8.1',\n 'iwl1000-firmware-39.31.5.1-102.el8.1',\n 'iwl105-firmware-18.168.6.1-102.el8.1',\n 'iwl135-firmware-18.168.6.1-102.el8.1',\n 'iwl2000-firmware-18.168.6.1-102.el8.1',\n 'iwl2030-firmware-18.168.6.1-102.el8.1',\n 'iwl3160-firmware-25.30.13.0-102.el8.1',\n 'iwl3945-firmware-15.32.2.9-102.el8.1',\n 'iwl4965-firmware-228.61.2.24-102.el8.1',\n 'iwl5000-firmware-8.83.5.1_1-102.el8.1',\n 'iwl5150-firmware-8.24.2.2-102.el8.1',\n 'iwl6000-firmware-9.221.4.1-102.el8.1',\n 'iwl6000g2a-firmware-18.168.6.1-102.el8.1',\n 'iwl6000g2b-firmware-18.168.6.1-102.el8.1',\n 'iwl6050-firmware-41.28.5.1-102.el8.1',\n 'iwl7260-firmware-25.30.13.0-102.el8.1',\n 'libertas-sd8686-firmware-20201218-102.git05789708.el8',\n 'libertas-sd8787-firmware-20201218-102.git05789708.el8',\n 'libertas-usb8388-firmware-20201218-102.git05789708.el8',\n 'libertas-usb8388-olpc-firmware-20201218-102.git05789708.el8',\n 'linux-firmware-20201218-102.git05789708.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-firmware');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T19:07:55", "description": "According to the versions of the linux-firmware package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : linux-firmware (EulerOS-SA-2023-1107)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2023-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:linux-firmware", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2023-1107.NASL", "href": "https://www.tenable.com/plugins/nessus/169674", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169674);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/06\");\n\n script_cve_id(\"CVE-2020-12362\", \"CVE-2020-12363\", \"CVE-2020-12364\");\n\n script_name(english:\"EulerOS 2.0 SP9 : linux-firmware (EulerOS-SA-2023-1107)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the linux-firmware package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1107\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f086bfdc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:linux-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"linux-firmware-20190815-6.h5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-firmware\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T19:08:34", "description": "According to the versions of the linux-firmware package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : linux-firmware (EulerOS-SA-2023-1131)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2023-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:linux-firmware", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2023-1131.NASL", "href": "https://www.tenable.com/plugins/nessus/169640", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169640);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/06\");\n\n script_cve_id(\"CVE-2020-12362\", \"CVE-2020-12363\", \"CVE-2020-12364\");\n\n script_name(english:\"EulerOS 2.0 SP9 : linux-firmware (EulerOS-SA-2023-1131)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the linux-firmware package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1131\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?25a7bdc7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:linux-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"linux-firmware-20190815-6.h5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-firmware\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:44:27", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2185 advisory.\n\n - kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-06-02T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:2185)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0466", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-28374"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-2185.NASL", "href": "https://www.tenable.com/plugins/nessus/150135", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2185. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150135);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-0466\",\n \"CVE-2020-12114\",\n \"CVE-2020-12362\",\n \"CVE-2020-28374\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2185\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:2185)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2185 advisory.\n\n - kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0466\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 400, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0466', 'CVE-2020-12114', 'CVE-2020-12362', 'CVE-2020-28374');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2185');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-193.56.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.56.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:41:34", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2190 advisory.\n\n - kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:2190)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0466", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-28374"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2021-2190.NASL", "href": "https://www.tenable.com/plugins/nessus/150127", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2190. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150127);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-0466\",\n \"CVE-2020-12114\",\n \"CVE-2020-12362\",\n \"CVE-2020-28374\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2190\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:2190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2190 advisory.\n\n - kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0466\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 400, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0466', 'CVE-2020-12114', 'CVE-2020-12362', 'CVE-2020-28374');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2190');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.56.1.rt13.106.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:42:39", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2106 advisory.\n\n - kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:2106)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0466", "CVE-2020-12362", "CVE-2020-28374", "CVE-2021-3347"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-2106.NASL", "href": "https://www.tenable.com/plugins/nessus/149904", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2106. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149904);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-0466\",\n \"CVE-2020-12362\",\n \"CVE-2020-28374\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2106\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:2106)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2106 advisory.\n\n - kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0466', 'CVE-2020-12362', 'CVE-2020-28374', 'CVE-2021-3347');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2106');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.48.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.48.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T15:46:20", "description": "This update for kernel-firmware fixes the following issues :\n\n - CVE-2020-12373: Fixed an expired pointer dereference may lead to DOS (bsc#1181738).\n\n - CVE-2020-12364: Fixed a NULL pointer reference may lead to DOS (bsc#1181736). \n\n - CVE-2020-12362: Fixed an integer overflow which could have led to privilege escalation (bsc#1181720).\n\n - CVE-2020-12363: Fixed an improper input validation which may have led to DOS (bsc#1181735).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel-firmware (openSUSE-2021-407)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12373"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-firmware", "p-cpe:/a:novell:opensuse:ucode-amd", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-407.NASL", "href": "https://www.tenable.com/plugins/nessus/147774", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-407.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147774);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-12373\"\n );\n\n script_name(english:\"openSUSE Security Update : kernel-firmware (openSUSE-2021-407)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for kernel-firmware fixes the following issues :\n\n - CVE-2020-12373: Fixed an expired pointer dereference may\n lead to DOS (bsc#1181738).\n\n - CVE-2020-12364: Fixed a NULL pointer reference may lead\n to DOS (bsc#1181736). \n\n - CVE-2020-12362: Fixed an integer overflow which could\n have led to privilege escalation (bsc#1181720).\n\n - CVE-2020-12363: Fixed an improper input validation which\n may have led to DOS (bsc#1181735).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181738\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12373\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-amd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-firmware-20200107-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ucode-amd-20200107-lp152.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-firmware / ucode-amd\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T15:53:21", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2355 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:2355)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19532", "CVE-2020-12362", "CVE-2020-25211", "CVE-2020-25705"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2355.NASL", "href": "https://www.tenable.com/plugins/nessus/150422", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2355. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150422);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-12362\",\n \"CVE-2020-25211\",\n \"CVE-2020-25705\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2355\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:2355)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2355 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25705\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 190, 330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19532', 'CVE-2020-12362', 'CVE-2020-25211', 'CVE-2020-25705');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2355');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.76.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.76.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-09T19:12:07", "description": "According to the versions of the linux-firmware package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n (CVE-2020-12321)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : linux-firmware (EulerOS-SA-2023-1150)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12321", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2023-01-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:linux-firmware", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2023-1150.NASL", "href": "https://www.tenable.com/plugins/nessus/169820", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169820);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/11\");\n\n script_cve_id(\n \"CVE-2020-12321\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : linux-firmware (EulerOS-SA-2023-1150)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the linux-firmware package installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may\n allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n (CVE-2020-12321)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1150\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5fdf06cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12321\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:linux-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"linux-firmware-20200817-2.h5.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-firmware\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T19:12:49", "description": "According to the versions of the linux-firmware package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n (CVE-2020-12321)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : linux-firmware (EulerOS-SA-2023-1171)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12321", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2023-01-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:linux-firmware", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2023-1171.NASL", "href": "https://www.tenable.com/plugins/nessus/169815", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169815);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/10\");\n\n script_cve_id(\n \"CVE-2020-12321\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : linux-firmware (EulerOS-SA-2023-1171)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the linux-firmware package installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may\n allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n (CVE-2020-12321)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1171\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77d3b2aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12321\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:linux-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"linux-firmware-20200817-2.h5.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-firmware\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T19:08:39", "description": "According to the versions of the linux-firmware package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n (CVE-2020-12321)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : linux-firmware (EulerOS-SA-2022-2826)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12321", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2022-12-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:linux-firmware", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2826.NASL", "href": "https://www.tenable.com/plugins/nessus/169005", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169005);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/21\");\n\n script_cve_id(\n \"CVE-2020-12321\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : linux-firmware (EulerOS-SA-2022-2826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the linux-firmware package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may\n allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n (CVE-2020-12321)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2826\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afc02e73\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12321\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:linux-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"linux-firmware-20200817-2.h5.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-firmware\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T19:09:21", "description": "According to the versions of the linux-firmware package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n (CVE-2020-12321)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : linux-firmware (EulerOS-SA-2022-2851)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12321", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2022-12-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:linux-firmware", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2851.NASL", "href": "https://www.tenable.com/plugins/nessus/168998", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168998);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/21\");\n\n script_cve_id(\n \"CVE-2020-12321\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : linux-firmware (EulerOS-SA-2022-2851)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the linux-firmware package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may\n allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n (CVE-2020-12321)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2851\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6299c64f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12321\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:linux-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"linux-firmware-20200817-2.h5.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-firmware\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T16:34:27", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1376 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-04-27T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:1376)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436", "CVE-2020-28374", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-1376.NASL", "href": "https://www.tenable.com/plugins/nessus/149028", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1376. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149028);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-28374\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1376\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:1376)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1376 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15436\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 122, 125, 200, 250, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-15436', 'CVE-2020-28374', 'CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1376');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.72.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-09T15:18:30", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2164 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:2164)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19532", "CVE-2020-12362", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2164.NASL", "href": "https://www.tenable.com/plugins/nessus/150117", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2164. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150117);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-12362\",\n \"CVE-2020-25211\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2164\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:2164)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2164 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 190, 330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19532', 'CVE-2020-12362', 'CVE-2020-25211', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2164');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.87.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:39", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2314 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-14T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2021:2314)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2021-06-14T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/150770", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2314 and\n# CentOS Errata and Security Advisory 2021:2314 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150770);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/14\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2314\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2021:2314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:2314 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-June/048337.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38256049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 200, 416, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.31.1.el7', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:51:00", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2314 advisory.\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out- of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2021-2314)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/150447", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2314.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150447);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2021-2314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-2314 advisory.\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common\n function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2314.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.31.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-2314');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.31.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-24T14:48:41", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2316 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2021:2316)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2021-2316.NASL", "href": "https://www.tenable.com/plugins/nessus/150380", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2316. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150380);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2316\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2021:2316)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2316 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1940627\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 200, 416, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-8648', 'CVE-2020-12362', 'CVE-2020-12363', 'CVE-2020-12364', 'CVE-2020-27170', 'CVE-2021-3347');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2316');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1160.31.1.rt56.1169.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-24T14:48:43", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2314 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:2314)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/150379", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2314. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150379);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2314\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:2314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2314 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1940627\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 200, 416, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-8648', 'CVE-2020-12362', 'CVE-2020-12363', 'CVE-2020-12364', 'CVE-2020-27170', 'CVE-2021-3347');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2314');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.31.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T14:18:56", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2314-1 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2314)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2021-06-17T00:00:00", "cpe": ["p-cpe:2.3:a:fermilab:scientific_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debug-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:python-perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-tools-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:bpftool-debuginfo:*:*:*:*:*:*:*", "cpe:2.3:o:fermilab:scientific_linux:*:*:*:*:*:*:*:*", "p-cpe:2.3:a:fermilab:scientific_linux:\\[hyper-v\\]\\[sl:*:*:*:*:*:*:*"], "id": "SL_20210609_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/150800", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150800);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/17\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"RHSA-2021:2314\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:2314-1 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20212314-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:[Hyper-V][SL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.31.1.el7', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, '[Hyper-V][SL / bpftool / bpftool-debuginfo / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:33", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3718-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3718-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3718-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143633);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3718-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203718-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8809a5f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3718=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.75.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:45", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n\n - CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107).\n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n\nThe following non-security bugs were fixed :\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).\n\n - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).\n\n - Convert trailing spaces and periods in path components (bsc#1179424).\n\n - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes).\n\n - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)\n\n - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)\n\n - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)\n\n - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)\n\n - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)\n\n - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)\n\n - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)\n\n - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n\n - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)\n\n - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)\n\n - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)\n\n - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)\n\n - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n\n - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)\n\n - IB/hfi1: Handle port down properly in pio (bsc#1111666)\n\n - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)\n\n - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)\n\n - IB/hfi1: Remove unused define (bsc#1111666)\n\n - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n\n - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)\n\n - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)\n\n - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)\n\n - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)\n\n - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n\n - IB/iser: Fix dma_nents type definition (bsc#1111666)\n\n - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)\n\n - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)\n\n - IB/mlx4: Add and improve logging (bsc#1111666)\n\n - IB/mlx4: Add support for MRA (bsc#1111666)\n\n - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)\n\n - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n\n - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)\n\n - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)\n\n - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)\n\n - IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n\n - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)\n\n - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)\n\n - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)\n\n - IB/mlx5: Do not override existing ip_protocol (bsc#1111666)\n\n - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)\n\n - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)\n\n - IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n\n - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)\n\n - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)\n\n - IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n\n - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)\n\n - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)\n\n - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)\n\n - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)\n\n - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)\n\n - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)\n\n - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)\n\n - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)\n\n - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n\n - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)\n\n - IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n\n - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)\n\n - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n\n - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)\n\n - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)\n\n - IB/rxe: Make counters thread safe (bsc#1111666)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n\n - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)\n\n - IB/umad: Avoid destroying device while it is accessed (bsc#1111666)\n\n - IB/umad: Do not check status of nonseekable_open() (bsc#1111666)\n\n - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)\n\n - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)\n\n - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)\n\n - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)\n\n - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)\n\n - IB/(hfi1, qib): Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)\n\n - IB/(qib, hfi1, rdmavt): Correct ibv_devinfo max_mr value (bsc#1111666)\n\n - KVM host: kabi fixes for psci_version (bsc#1174726).\n\n - KVM: arm64: Add missing #include of <linux/string.h> in guest.c (bsc#1174726).\n\n - KVM: arm64: Factor out core register ID enumeration (bsc#1174726).\n\n - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).\n\n - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).\n\n - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).\n\n - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n\n - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).\n\n - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)\n\n - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)\n\n - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)\n\n - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)\n\n - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)\n\n - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)\n\n - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)\n\n - RDMA/cma: Fix false error message (bsc#1111666)\n\n - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)\n\n - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)\n\n - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)\n\n - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)\n\n - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)\n\n - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)\n\n - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)\n\n - RDMA/core: Fix race between destroy and release FD object (bsc#1111666)\n\n - RDMA/core: Fix race when resolving IP address (bsc#1111666)\n\n - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)\n\n - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)\n\n - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)\n\n - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n\n - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)\n\n - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)\n\n - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)\n\n - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n\n - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)\n\n - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)\n\n - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n\n - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n\n - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)\n\n - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)\n\n - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)\n\n - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)\n\n - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)\n\n - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)\n\n - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)\n\n - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)\n\n - RDMA/mlx5: Return proper error value (bsc#1111666)\n\n - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)\n\n - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)\n\n - RDMA/nes: Remove second wait queue initialization call (bsc#1111666)\n\n - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)\n\n - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)\n\n - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n\n - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).\n\n - RDMA/qedr: Fix doorbell setting (bsc#1111666)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n\n - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)\n\n - RDMA/qedr: Fix reported firmware version (bsc#1111666)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n\n - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1111666)\n\n - RDMA/qib: Delete extra line (bsc#1111666)\n\n - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)\n\n - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)\n\n - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n\n - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n\n - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)\n\n - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n\n - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)\n\n - RDMA/rxe: Set default vendor ID (bsc#1111666)\n\n - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n\n - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)\n\n - RDMA/srp: Rework SCSI device reset handling (bsc#1111666)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)\n\n - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)\n\n - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)\n\n - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)\n\n - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)\n\n - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)\n\n - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).\n\n - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).\n\n - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card (git-fixes).\n\n - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).\n\n - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).\n\n - arm64: KVM: Fix system register enumeration (bsc#1174726).\n\n - ath10k: Acquire tx_lock in tx error paths (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).\n\n - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).\n\n - btrfs: account ticket size at add/delete time (bsc#1178897).\n\n - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).\n\n - btrfs: check rw_devices, not num_devices for balance (bsc#1178897).\n\n - btrfs: do not delete mismatched root refs (bsc#1178962).\n\n - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).\n\n - btrfs: fix force usage in inc_block_group_ro (bsc#1178897).\n\n - btrfs: fix invalid removal of root ref (bsc#1178962).\n\n - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).\n\n - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).\n\n - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).\n\n - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).\n\n - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs.\n\n - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n\n - ceph: add check_session_state() helper and make it global (bsc#1179259).\n\n - ceph: check session state after bumping session->s_seq (bsc#1179259).\n\n - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n\n - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).\n\n - docs: ABI: stable: remove a duplicated documentation (git-fixes).\n\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n\n - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).\n\n - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).\n\n - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n\n - efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n\n - efi: cper: Fix possible out-of-bounds access (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n\n - fuse: fix page dereference after free (bsc#1179213).\n\n - hv_balloon: disable warning when floor reached (git-fixes).\n\n - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)\n\n - i40iw: Report correct firmware version (bsc#1111666)\n\n - i40iw: fix NULL pointer dereference on a null wqe pointer (bsc#1111666)\n\n - igc: Fix returning wrong statistics (bsc#1118657).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n\n - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)\n\n - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)\n\n - kABI workaround for usermodehelper changes (bsc#1179406).\n\n - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal (bsc#1112374).\n\n - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).\n\n - net/tls: Fix kmap usage (bsc#1109837).\n\n - net/tls: missing received data after fast remote close (bsc#1109837).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).\n\n - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).\n\n - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).\n\n - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n\n - nfp: use correct define to return NONE fec (bsc#1109837).\n\n - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n\n - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).\n\n - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).\n\n - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).\n\n - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - reboot: fix overflow parsing reboot cpu number (bsc#1179421).\n\n - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)\n\n - rxe: fix error completion wr_id and qp_num (bsc#1111666)\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).\n\n - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).\n\n - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).\n\n - sched/x86: SaveFLAGS on context switch (bsc#1112178).\n\n - scripts/git_sort/git_sort.py: add ceph maintainers git tree\n\n - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).\n\n - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).\n\n - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).\n\n - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).\n\n - tty: serial: imx: keep console clocks always on (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).\n\n - usermodehelper: reset umask to default before executing user process (bsc#1179406).\n\n - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n\n - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).\n\n - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).\n\n - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/hyperv: Make vapic support x2apic mode (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).\n\n - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).\n\n - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).\n\n - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n\n - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20669", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-27777", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2193.NASL", "href": "https://www.tenable.com/plugins/nessus/143542", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2193.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143542);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2020-15436\", \"CVE-2020-15437\", \"CVE-2020-27777\", \"CVE-2020-28974\", \"CVE-2020-29371\", \"CVE-2020-4788\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)\");\n script_summary(english:\"Check for the openSUSE-2020-2193 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29371: An issue was discovered in\n romfs_dev_read in fs/romfs/storage.c where uninitialized\n memory leaks to userspace, aka CID-bcf85fcedfdd\n (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in\n fs/block_dev.c allowed local users to gain privileges or\n cause a denial of service by leveraging improper access\n to a certain error field (bnc#1179141).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1)\n processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\n - CVE-2018-20669: An issue where a provided address with\n access_ok() is not checked was discovered in\n i915_gem_execbuffer2_ioctl in\n drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a\n local attacker can craft a malicious IOCTL function call\n to overwrite arbitrary kernel memory, resulting in a\n Denial of Service or privilege escalation (bnc#1122971).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_\n ports() that allowed local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace\n (CVE-2020-27777 bsc#1179107).\n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could\n be used by local attackers to read privileged\n information or potentially crash the kernel, aka\n CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height (bnc#1178589).\n\nThe following non-security bugs were fixed :\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ALSA: ctl: fix error path at adding user-defined element\n set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in\n copy_resp_to_buf() (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Bluetooth: btusb: Fix and detect most of the Chinese\n Bluetooth controllers (git-fixes).\n\n - Bluetooth: hci_bcm: fix freeing not-requested IRQ\n (git-fixes).\n\n - Convert trailing spaces and periods in path components\n (bsc#1179424).\n\n - Drivers: hv: vmbus: Remove the unused 'tsc_page' from\n struct hv_context (git-fixes).\n\n - IB/cma: Fix ports memory leak in cma_configfs\n (bsc#1111666)\n\n - IB/core: Set qp->real_qp before it may be accessed\n (bsc#1111666)\n\n - IB/hfi1, qib: Ensure RCU is locked when accessing list\n (bsc#1111666)\n\n - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats\n (bsc#1111666)\n\n - IB/hfi1: Add missing INVALIDATE opcodes for trace\n (bsc#1111666)\n\n - IB/hfi1: Add software counter for ctxt0 seq drop\n (bsc#1111666)\n\n - IB/hfi1: Avoid hardlockup with flushlist_lock\n (bsc#1111666)\n\n - IB/hfi1: Call kobject_put() when kobject_init_and_add()\n fails (bsc#1111666)\n\n - IB/hfi1: Check for error on call to alloc_rsm_map_table\n (bsc#1111666)\n\n - IB/hfi1: Close PSM sdma_progress sleep window\n (bsc#1111666)\n\n - IB/hfi1: Define variables as unsigned long to fix KASAN\n warning (bsc#1111666)\n\n - IB/hfi1: Ensure full Gen3 speed in a Gen4 system\n (bsc#1111666)\n\n - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n\n - IB/hfi1: Fix memory leaks in sysfs registration and\n unregistration (bsc#1111666)\n\n - IB/hfi1: Handle port down properly in pio (bsc#1111666)\n\n - IB/hfi1: Handle wakeup of orphaned QPs for pio\n (bsc#1111666)\n\n - IB/hfi1: Insure freeze_work work_struct is canceled on\n shutdown (bsc#1111666)\n\n - IB/hfi1: Remove unused define (bsc#1111666)\n\n - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n\n - IB/hfi1: Validate page aligned for a given virtual\n address (bsc#1111666)\n\n - IB/hfi1: Wakeup QPs orphaned on wait list after flush\n (bsc#1111666)\n\n - IB/ipoib: Fix double free of skb in case of multicast\n traffic in CM mode (bsc#1111666)\n\n - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start\n (bsc#1111666)\n\n - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n\n - IB/iser: Fix dma_nents type definition (bsc#1111666)\n\n - IB/iser: Pass the correct number of entries for dma\n mapped SGL (bsc#1111666)\n\n - IB/mad: Fix use-after-free in ib mad completion handling\n (bsc#1111666)\n\n - IB/mlx4: Add and improve logging (bsc#1111666)\n\n - IB/mlx4: Add support for MRA (bsc#1111666)\n\n - IB/mlx4: Adjust delayed work when a dup is observed\n (bsc#1111666)\n\n - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n\n - IB/mlx4: Fix memory leak in add_gid error flow\n (bsc#1111666)\n\n - IB/mlx4: Fix race condition between catas error reset\n and aliasguid flows (bsc#1111666)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux\n (bsc#1111666)\n\n - IB/mlx4: Follow mirror sequence of device add during\n device removal (bsc#1111666)\n\n - IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n\n - IB/mlx4: Test return value of calls to\n ib_get_cached_pkey (bsc#1111666)\n\n - IB/mlx5: Add missing XRC options to QP optional params\n mask (bsc#1111666)\n\n - IB/mlx5: Compare only index part of a memory window rkey\n (bsc#1111666)\n\n - IB/mlx5: Do not override existing ip_protocol\n (bsc#1111666)\n\n - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the\n HW specification (bsc#1111666)\n\n - IB/mlx5: Fix clean_mr() to work in the expected order\n (bsc#1111666)\n\n - IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n\n - IB/mlx5: Fix outstanding_pi index for GSI qps\n (bsc#1111666)\n\n - IB/mlx5: Fix unreg_umr to ignore the mkey state\n (bsc#1111666)\n\n - IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n\n - IB/mlx5: Move MRs to a kernel PD when freeing them to\n the MR cache (bsc#1111666)\n\n - IB/mlx5: Prevent concurrent MR updates during\n invalidation (bsc#1111666)\n\n - IB/mlx5: Reset access mask when looping inside page\n fault handler (bsc#1111666)\n\n - IB/mlx5: Set correct write permissions for implicit ODP\n MR (bsc#1111666)\n\n - IB/mlx5: Use direct mkey destroy command upon UMR unreg\n failure (bsc#1111666)\n\n - IB/mlx5: Use fragmented QP's buffer for in-kernel users\n (bsc#1111666)\n\n - IB/mlx5: WQE dump jumps over first 16 bytes\n (bsc#1111666)\n\n - IB/mthca: fix return value of error branch in\n mthca_init_cq() (bsc#1111666)\n\n - IB/qib: Call kobject_put() when kobject_init_and_add()\n fails (bsc#1111666)\n\n - IB/qib: Fix an error code in qib_sdma_verbs_send()\n (bsc#1111666)\n\n - IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n\n - IB/rdmavt: Convert timers to use timer_setup()\n (bsc#1111666)\n\n - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n\n - IB/rdmavt: Reset all QPs when the device is shut down\n (bsc#1111666)\n\n - IB/rxe: Fix incorrect cache cleanup in error flow\n (bsc#1111666)\n\n - IB/rxe: Make counters thread safe (bsc#1111666)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n\n - IB/umad: Avoid additional device reference during\n open()/close() (bsc#1111666)\n\n - IB/umad: Avoid destroying device while it is accessed\n (bsc#1111666)\n\n - IB/umad: Do not check status of nonseekable_open()\n (bsc#1111666)\n\n - IB/umad: Fix kernel crash while unloading ib_umad\n (bsc#1111666)\n\n - IB/umad: Refactor code to use cdev_device_add()\n (bsc#1111666)\n\n - IB/umad: Simplify and avoid dynamic allocation of class\n (bsc#1111666)\n\n - IB/usnic: Fix out of bounds index check in query pkey\n (bsc#1111666)\n\n - IB/uverbs: Fix OOPs upon device disassociation\n (bsc#1111666)\n\n - IB/(hfi1, qib): Fix WC.byte_len calculation for\n UD_SEND_WITH_IMM (bsc#1111666)\n\n - IB/(qib, hfi1, rdmavt): Correct ibv_devinfo max_mr value\n (bsc#1111666)\n\n - KVM host: kabi fixes for psci_version (bsc#1174726).\n\n - KVM: arm64: Add missing #include of <linux/string.h> in\n guest.c (bsc#1174726).\n\n - KVM: arm64: Factor out core register ID enumeration\n (bsc#1174726).\n\n - KVM: arm64: Filter out invalid core register IDs in\n KVM_GET_REG_LIST (bsc#1174726).\n\n - KVM: arm64: Refactor kvm_arm_num_regs() for easier\n maintenance (bsc#1174726).\n\n - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE\n vcpus (bsc#1174726).\n\n - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n\n - NFS: only invalidate dentrys that are clearly invalid\n (bsc#1178669 bsc#1170139).\n\n - PCI: pci-hyperv: Fix build errors on non-SYSFS config\n (git-fixes).\n\n - RDMA/bnxt_re: Fix Send Work Entry state check while\n polling completions (bsc#1111666)\n\n - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task\n (bsc#1111666)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of\n pbl_tbl. (bsc#1111666)\n\n - RDMA/bnxt_re: Fix stack-out-of-bounds in\n bnxt_qplib_rcfw_send_message (bsc#1111666)\n\n - RDMA/cm: Add missing locking around id.state in\n cm_dup_req_handler (bsc#1111666)\n\n - RDMA/cm: Fix checking for allowed duplicate listens\n (bsc#1111666)\n\n - RDMA/cm: Remove a race freeing timewait_info\n (bsc#1111666)\n\n - RDMA/cm: Update num_paths in cma_resolve_iboe_route\n error flow (bsc#1111666)\n\n - RDMA/cma: Fix false error message (bsc#1111666)\n\n - RDMA/cma: Protect bind_list and listen_list while\n finding matching cm id (bsc#1111666)\n\n - RDMA/cma: add missed unregister_pernet_subsys in init\n failure (bsc#1111666)\n\n - RDMA/cma: fix null-ptr-deref Read in cma_cleanup\n (bsc#1111666)\n\n - RDMA/core: Do not depend device ODP capabilities on\n kconfig option (bsc#1111666)\n\n - RDMA/core: Fix invalid memory access in spec_filter_size\n (bsc#1111666)\n\n - RDMA/core: Fix locking in ib_uverbs_event_read\n (bsc#1111666)\n\n - RDMA/core: Fix protection fault in ib_mr_pool_destroy\n (bsc#1111666)\n\n - RDMA/core: Fix race between destroy and release FD\n object (bsc#1111666)\n\n - RDMA/core: Fix race when resolving IP address\n (bsc#1111666)\n\n - RDMA/core: Prevent mixed use of FDs between shared\n ufiles (bsc#1111666)\n\n - RDMA/cxgb3: Delete and properly mark unimplemented\n resize CQ function (bsc#1111666)\n\n - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN\n (bsc#1111666)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq()\n (bsc#1111666)\n\n - RDMA/hns: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n\n - RDMA/i40iw: Set queue pair state when being queried\n (bsc#1111666)\n\n - RDMA/i40iw: fix a potential NULL pointer dereference\n (bsc#1111666)\n\n - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()\n (bsc#1111666)\n\n - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n\n - RDMA/ipoib: Return void from ipoib_ib_dev_stop()\n (bsc#1111666)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces\n (bsc#1111666)\n\n - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure\n case (bsc#1111666)\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference\n (bsc#1111666)\n\n - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n\n - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n\n - RDMA/iwcm: move iw_rem_ref() calls out of spinlock\n (bsc#1111666)\n\n - RDMA/mad: Fix possible memory leak in\n ib_mad_post_receive_mads() (bsc#1111666)\n\n - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded\n value (bsc#1111666)\n\n - RDMA/mlx5: Clear old rate limit when closing QP\n (bsc#1111666)\n\n - RDMA/mlx5: Delete unreachable handle_atomic code by\n simplifying SW completion (bsc#1111666)\n\n - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an\n implicit MR (bsc#1111666)\n\n - RDMA/mlx5: Fix access to wrong pointer while performing\n flush due to error (bsc#1111666)\n\n - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields'\n (bsc#1111666)\n\n - RDMA/mlx5: Return proper error value (bsc#1111666)\n\n - RDMA/mlx5: Set GRH fields in query QP on RoCE\n (bsc#1111666)\n\n - RDMA/mlx5: Verify that QP is created with RQ or SQ\n (bsc#1111666)\n\n - RDMA/nes: Remove second wait queue initialization call\n (bsc#1111666)\n\n - RDMA/netlink: Do not always generate an ACK for some\n netlink operations (bsc#1111666)\n\n - RDMA/ocrdma: Fix out of bounds index check in query pkey\n (bsc#1111666)\n\n - RDMA/ocrdma: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/pvrdma: Fix missing pci disable in\n pvrdma_pci_probe() (bsc#1111666)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n\n - RDMA/qedr: Fix KASAN: use-after-free in\n ucma_event_handler+0x532 (bsc#1050545).\n\n - RDMA/qedr: Fix doorbell setting (bsc#1111666)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n\n - RDMA/qedr: Fix memory leak in user qp and mr\n (bsc#1111666)\n\n - RDMA/qedr: Fix reported firmware version (bsc#1111666)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n\n - RDMA/qedr: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1111666)\n\n - RDMA/qib: Delete extra line (bsc#1111666)\n\n - RDMA/qib: Remove all occurrences of BUG_ON()\n (bsc#1111666)\n\n - RDMA/qib: Validate ->show()/store() callbacks before\n calling them (bsc#1111666)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports\n (bsc#1111666)\n\n - RDMA/rxe: Fill in wc byte_len with\n IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n\n - RDMA/rxe: Fix configuration of atomic queue pair\n attributes (bsc#1111666)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n\n - RDMA/rxe: Fix slab-out-bounds access which lead to\n kernel crash later (bsc#1111666)\n\n - RDMA/rxe: Fix soft lockup problem due to using tasklets\n in softirq (bsc#1111666)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface\n has 15 chars (bsc#1111666)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is\n posted to send queue (bsc#1111666)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n\n - RDMA/rxe: Remove useless rxe_init_device_param\n assignments (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_init_port_param()\n (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma()\n (bsc#1111666)\n\n - RDMA/rxe: Set default vendor ID (bsc#1111666)\n\n - RDMA/rxe: Set sys_image_guid to be aligned with HW IB\n devices (bsc#1111666)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n\n - RDMA/rxe: Use for_each_sg_page iterator on umem SGL\n (bsc#1111666)\n\n - RDMA/srp: Rework SCSI device reset handling\n (bsc#1111666)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent\n docstring (bsc#1111666)\n\n - RDMA/srpt: Report the SCSI residual to the initiator\n (bsc#1111666)\n\n - RDMA/ucma: Add missing locking around\n rdma_leave_multicast() (bsc#1111666)\n\n - RDMA/ucma: Put a lock around every call to the rdma_cm\n layer (bsc#1111666)\n\n - RDMA/uverbs: Make the event_queue fds return POLLERR\n when disassociated (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove\n (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Use atomic memory allocation in create\n AH (bsc#1111666)\n\n - RDMA: Directly cast the sockaddr union to sockaddr\n (bsc#1111666)\n\n - RMDA/cm: Fix missing ib_cm_destroy_id() in\n ib_cm_insert_listen() (bsc#1111666)\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to\n kstrtoint' (bsc#1179418).\n\n - SUNRPC: fix copying of multiple pages in\n gss_read_proxy_verf() (bsc#1103992).\n\n - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable\n authmode (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card\n (git-fixes).\n\n - Update references in\n patches.suse/net-smc-tolerate-future-smcd-versions\n (bsc#1172542 LTC#186070 git-fixes).\n\n - arm/arm64: KVM: Add PSCI version selection API\n (bsc#1174726).\n\n - arm64: KVM: Fix system register enumeration\n (bsc#1174726).\n\n - ath10k: Acquire tx_lock in tx error paths (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Fix race when modifying pause settings\n (bsc#1050242 ).\n\n - bnxt_en: Protect bnxt_set_eee() and\n bnxt_set_pauseparam() with mutex (bsc#1050242).\n\n - btrfs: account ticket size at add/delete time\n (bsc#1178897).\n\n - btrfs: add helper to obtain number of devices with\n ongoing dev-replace (bsc#1178897).\n\n - btrfs: check rw_devices, not num_devices for balance\n (bsc#1178897).\n\n - btrfs: do not delete mismatched root refs (bsc#1178962).\n\n - btrfs: fix btrfs_calc_reclaim_metadata_size calculation\n (bsc#1178897).\n\n - btrfs: fix force usage in inc_block_group_ro\n (bsc#1178897).\n\n - btrfs: fix invalid removal of root ref (bsc#1178962).\n\n - btrfs: fix reclaim counter leak of space_info objects\n (bsc#1178897).\n\n - btrfs: fix reclaim_size counter leak after stealing from\n global reserve (bsc#1178897).\n\n - btrfs: kill min_allocable_bytes in inc_block_group_ro\n (bsc#1178897).\n\n - btrfs: rework arguments of btrfs_unlink_subvol\n (bsc#1178962).\n\n - btrfs: split dev-replace locking helpers for read and\n write (bsc#1178897). Needed as a prep patch for further\n improvements around btrfs.\n\n - can: gs_usb: fix endianess problem with candleLight\n firmware (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version\n >= 3.1 (git-fixes).\n\n - ceph: add check_session_state() helper and make it\n global (bsc#1179259).\n\n - ceph: check session state after bumping session->s_seq\n (bsc#1179259).\n\n - ceph: fix race in concurrent __ceph_remove_cap\n invocations (bsc#1178635).\n\n - cifs: Fix incomplete memory allocation on setxattr path\n (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec\n key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cxgb4: Fix offset when clearing filter byte counters\n (bsc#1064802 bsc#1066129).\n\n - docs: ABI: stable: remove a duplicated documentation\n (git-fixes).\n\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n\n - drm/sun4i: dw-hdmi: fix error return code in\n sun8i_dw_hdmi_bind() (git-fixes).\n\n - efi/efivars: Add missing kobject_put() in sysfs entry\n creation error path (git-fixes).\n\n - efi/esrt: Fix reference count leak in\n esre_create_sysfs_entry (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error\n conditions (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n\n - efi/x86: Ignore the memory attributes table on i386\n (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying\n it (git-fixes).\n\n - efi: cper: Fix possible out-of-bounds access\n (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation\n (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create()\n (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()'\n (git-fixes).\n\n - fuse: fix page dereference after free (bsc#1179213).\n\n - hv_balloon: disable warning when floor reached\n (git-fixes).\n\n - i40iw: Fix error handling in i40iw_manage_arp_cache()\n (bsc#1111666)\n\n - i40iw: Report correct firmware version (bsc#1111666)\n\n - i40iw: fix NULL pointer dereference on a null wqe\n pointer (bsc#1111666)\n\n - igc: Fix returning wrong statistics (bsc#1118657).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM\n for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an\n acpi_type enum (git-fixes).\n\n - iw_cxgb4: fix ECN check on the passive accept\n (bsc#1111666)\n\n - iw_cxgb4: only reconnect with MPAv1 if the peer aborts\n (bsc#1111666)\n\n - kABI workaround for usermodehelper changes\n (bsc#1179406).\n\n - kABI: add back flush_dcache_range (jsc#SLE-16402\n jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override\n the flush barrier (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors\n (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal\n (bsc#1112374).\n\n - mm: always have io_remap_pfn_range() set\n pgprot_decrypted() (bsc#1112178).\n\n - net/tls: Fix kmap usage (bsc#1109837).\n\n - net/tls: missing received data after fast remote close\n (bsc#1109837).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument\n (bsc#1103990 ).\n\n - net: ena: fix packet's addresses for rx_offset feature\n (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev\n (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (bsc#1136460\n jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qed: fix async event callbacks unregistering\n (bsc#1104393 bsc#1104389).\n\n - net: qede: fix PTP initialization on recovery\n (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qede: fix use-after-free on recovery and AER\n handling (bsc#1136460 jsc#SLE-4691 bsc#1136461\n jsc#SLE-4692).\n\n - net: thunderx: use spin_lock_bh in\n nicvf_set_rx_mode_task() (bsc#1110096).\n\n - net_sched: fix a memory leak in atm_tc_init()\n (bsc#1056657 bsc#1056653 bsc#1056787).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO\n numbers (git-fixes).\n\n - nfp: use correct define to return NONE fec\n (bsc#1109837).\n\n - pinctrl: amd: fix incorrect way to disable debounce\n filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk\n (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem\n (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable\n assignment (git-fixes).\n\n - powerpc/32: define helpers to get L1 cache sizes\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: flush_inval_dcache_range() becomes\n flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/64: reuse PPC32 static inline\n flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/mm: Flush cache on memory hot(un)plug\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add flush routines using new pmem store\n and sync instruction (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent\n storage and sync (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Fix kernel crash due to wrong range value\n usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier\n instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc: Chunk calls to flush_dcache_range in\n arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964 git-fixes).\n\n - powerpc: define helpers to get L1 icache sizes\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - qed: fix error return code in qed_iwarp_ll2_start()\n (bsc#1050536 bsc#1050545).\n\n - qed: suppress 'do not support RoCE & iWARP' flooding on\n HW init (bsc#1050536 bsc#1050545).\n\n - qed: suppress false-positives interrupt error messages\n on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461\n jsc#SLE-4692).\n\n - reboot: fix overflow parsing reboot cpu number\n (bsc#1179421).\n\n - rxe: correctly calculate iCRC for unaligned payloads\n (bsc#1111666)\n\n - rxe: fix error completion wr_id and qp_num (bsc#1111666)\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn()\n loop (bsc#1177805 LTC#188737).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name\n (bsc#1175916 LTC#187937).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177808\n LTC#188739).\n\n - s390: kernel/uv: handle length extension properly\n (bsc#1178940 LTC#189323).\n\n - sched/core: Fix PI boosting between RT and DEADLINE\n tasks (bsc#1112178).\n\n - sched/x86: SaveFLAGS on context switch (bsc#1112178).\n\n - scripts/git_sort/git_sort.py: add ceph maintainers git\n tree\n\n - scsi: RDMA/srpt: Fix a credit leak for aborted commands\n (bsc#1111666)\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO\n device-ids (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk()\n (bsc#1103992).\n\n - svcrdma: fix bounce buffers for unaligned offsets and\n multiple pages (bsc#1103992).\n\n - tcp: Set INET_ECN_xmit configuration in\n tcp_reinit_congestion_control (bsc#1109837).\n\n - tracing: Fix out of bounds write in get_trace_buf\n (bsc#1179403).\n\n - tty: serial: imx: keep console clocks always on\n (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download\n mode (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super\n (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc\n (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing\n hcd (git-fixes).\n\n - usermodehelper: reset umask to default before executing\n user process (bsc#1179406).\n\n - video: hyperv_fb: Fix the cache type when mapping the\n VRAM (git-fixes).\n\n - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect\n (git-fixes).\n\n - x86/PCI: Fix intel_mid_pci.c build error when ACPI is\n not enabled (git-fixes).\n\n - x86/PCI: Mark Intel C620 MROMs as having non-compliant\n BARs (git-fixes).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/hyperv: Make vapic support x2apic mode (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving\n microcode for early loading (bsc#1112178).\n\n - x86/speculation: Allow IBPB to be conditionally enabled\n on CPUs with always-on STIBP (bsc#1112178).\n\n - x86/sysfb_efi: Add quirks for some devices with swapped\n width and height (git-fixes).\n\n - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n\n - xfs: revert 'xfs: fix rmap key and record comparison\n functions' (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:30", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3717-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3717-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143860);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op\n(bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly\nscan open UDP ports. This flaw allowed an off-path remote user to\neffectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203717-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9106a420\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-3717=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T20:41:29", "description": "The version of AOS installed on the remote host is prior to 5.19.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.1.5 advisory.\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack- based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1.5)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25013", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-15436", "CVE-2020-15862", "CVE-2020-29573", "CVE-2020-35513", "CVE-2021-3156"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_19_1_5.NASL", "href": "https://www.tenable.com/plugins/nessus/164609", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164609);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-25013\",\n \"CVE-2020-10029\",\n \"CVE-2020-10543\",\n \"CVE-2020-10878\",\n \"CVE-2020-12723\",\n \"CVE-2020-15436\",\n \"CVE-2020-15862\",\n \"CVE-2020-29573\",\n \"CVE-2020-35513\",\n \"CVE-2021-3156\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/27\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1.5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.19.1.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.19.1.5 advisory.\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-\n byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range\n reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when\n passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to\n sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB\n provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-\n based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with\n a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to\n sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because\n of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words,\n the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system)\n functionality was found in the way user create and delete object using NFSv4.2 or newer if both\n simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to\n the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which\n allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single\n backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is\n exploitable by any local user who can execute the sudo command without authentication. Successful\n exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.19.1.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51f492e8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sudo Heap-Based Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.19.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.19.1.5 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.19.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.19.1.5 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:07", "description": "The openSUSE Linux Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\n - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\n - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\n - CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720).\n\n - CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735).\n\n - CVE-2020-12364: Fixed a NULL pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736 ).\n\n - CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738).\n\n - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe following non-security bugs were fixed :\n\n - ACPICA: Fix exception code class checks (git-fixes).\n\n - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes).\n\n - ACPI: property: Fix fwnode string properties matching (git-fixes).\n\n - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes).\n\n - ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes).\n\n - ALSA: hda: Add another CometLake-H PCI ID (git-fixes).\n\n - ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes).\n\n - ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).\n\n - ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes).\n\n - ALSA: pcm: Call sync_stop at disconnection (git-fixes).\n\n - ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes).\n\n - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes).\n\n - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes).\n\n - ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes).\n\n - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes).\n\n - ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes).\n\n - ALSA: usb-audio: More strict state change in EP (git-fixes).\n\n - amba: Fix resource leak for drivers without .remove (git-fixes).\n\n - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560)\n\n - armv7hl: lpae: Update config files. Disable KVM support (bsc#1182697)\n\n - ASoC: cpcap: fix microphone timeslot mask (git-fixes).\n\n - ASoC: cs42l56: fix up error handling in probe (git-fixes).\n\n - ASoC: simple-card-utils: Fix device module clock (git-fixes).\n\n - ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes).\n\n - ata: ahci_brcm: Add back regulators management (git-fixes).\n\n - ata: sata_nv: Fix retrieving of active qcs (git-fixes).\n\n - ath10k: Fix error handling in case of CE pipe init failure (git-fixes).\n\n - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes).\n\n - bcache: fix overflow in offset_to_stripe() (git-fixes).\n\n - blk-mq: call commit_rqs while list empty but error happen (bsc#1182442).\n\n - blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443).\n\n - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444).\n\n - block: fix inflight statistics of part0 (bsc#1182445).\n\n - block: respect queue limit of max discard segment (bsc#1182441).\n\n - block: virtio_blk: fix handling single range discard request (bsc#1182439).\n\n - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes).\n\n - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes).\n\n - Bluetooth: drop HCI device reference before return (git-fixes).\n\n - Bluetooth: Fix initializing response id after clearing struct (git-fixes).\n\n - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).\n\n - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes).\n\n - bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes).\n\n - bnxt_en: fix error return code in bnxt_init_board() (git-fixes).\n\n - bnxt_en: fix error return code in bnxt_init_one() (git-fixes).\n\n - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes).\n\n - bnxt_en: read EEPROM A2h address using page 0 (git-fixes).\n\n - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes).\n\n - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes).\n\n - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).\n\n - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes).\n\n - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518).\n\n - bpf, cgroup: Fix problematic bounds check (bsc#1155518).\n\n - btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626).\n\n - btrfs: Cleanup try_flush_qgroup (bsc#1182047).\n\n - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574).\n\n - btrfs: fix race between RO remount and the cleaner task (bsc#1182626).\n\n - btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626).\n\n - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626).\n\n - btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: lift read-write mount setup from mount and remount (bsc#1182626).\n\n - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626).\n\n - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).\n\n - caif: no need to check return value of debugfs_create functions (git-fixes).\n\n - ceph: fix flush_snap logic after putting caps (bsc#1182854).\n\n - cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683).\n\n - cgroup: fix psi monitor for root cgroup (bsc#1182686).\n\n - cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684).\n\n - chelsio/chtls: correct function return and return type (git-fixes).\n\n - chelsio/chtls: correct netdevice for vlan interface (git-fixes).\n\n - chelsio/chtls: fix a double free in chtls_setkey() (git-fixes).\n\n - chelsio/chtls: fix always leaking ctrl_skb (git-fixes).\n\n - chelsio/chtls: fix deadlock issue (git-fixes).\n\n - chelsio/chtls: fix memory leaks caused by a race (git-fixes).\n\n - chelsio/chtls: fix memory leaks in CPL handlers (git-fixes).\n\n - chelsio/chtls: fix panic during unload reload chtls (git-fixes).\n\n - chelsio/chtls: fix socket lock (git-fixes).\n\n - chelsio/chtls: fix tls record info to user (git-fixes).\n\n - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268).\n\n - chtls: Added a check to avoid NULL pointer dereference (git-fixes).\n\n - chtls: Fix chtls resources release sequence (git-fixes).\n\n - chtls: Fix hardware tid leak (git-fixes).\n\n - chtls: Fix panic when route to peer not configured (git-fixes).\n\n - chtls: Remove invalid set_tcb call (git-fixes).\n\n - chtls: Replace skb_dequeue with skb_peek (git-fixes).\n\n - cifs: check all path components in resolved dfs target (bsc#1181710).\n\n - cifs: fix nodfs mount option (bsc#1181710).\n\n - cifs: introduce helper for finding referral server (bsc#1181710).\n\n - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).\n\n - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).\n\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).\n\n - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes).\n\n - clk: meson: clk-pll: make 'ret' a signed integer (git-fixes).\n\n - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes).\n\n - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes).\n\n - clk: sunxi-ng: h6: Fix CEC clock (git-fixes).\n\n - clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes).\n\n - clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes).\n\n - clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes).\n\n - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in\n ->remove() (git-fixes).\n\n - cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes).\n\n - cpuset: fix race between hotplug work and later CPU offline (bsc#1182676).\n\n - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes).\n\n - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes).\n\n - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).\n\n - cxgb4: fix all-mask IP address comparison (git-fixes).\n\n - cxgb4: fix checks for max queues to allocate (git-fixes).\n\n - cxgb4: fix endian conversions for L4 ports in filters (git-fixes).\n\n - cxgb4: fix set but unused variable when DCB is disabled (git-fixes).\n\n - cxgb4: fix SGE queue dump destination buffer context (git-fixes).\n\n - cxgb4: fix the panic caused by non smac rewrite (git-fixes).\n\n - cxgb4: move DCB version extern to header file (git-fixes).\n\n - cxgb4: move handling L2T ARP failures to caller (git-fixes).\n\n - cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes).\n\n - cxgb4: parse TC-U32 key values and masks natively (git-fixes).\n\n - cxgb4: remove cast when saving IPv4 partial checksum (git-fixes).\n\n - cxgb4: set up filter action after rewrites (git-fixes).\n\n - cxgb4: use correct type for all-mask IP address comparison (git-fixes).\n\n - cxgb4: use unaligned conversion for fetching timestamp (git-fixes).\n\n - dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes).\n\n - dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes).\n\n - dmaengine: hsu: disable spurious interrupt (git-fixes).\n\n - dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes).\n\n - dm crypt: avoid truncating the logical block size (git-fixes).\n\n - dm: fix bio splitting and its bio completion order for regular IO (git-fixes).\n\n - dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529).\n\n - dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529).\n\n - dm thin metadata: fix lockdep complaint (bsc#1177529).\n\n - dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529).\n\n - dm: use noio when sending kobject event (bsc#1177529).\n\n - docs: filesystems: vfs: correct flag name (bsc#1182856).\n\n - dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes).\n\n - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).\n\n - drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes).\n\n - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes).\n\n - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes).\n\n - drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes).\n\n - drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes).\n\n - drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes).\n\n - drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes).\n\n - drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes).\n\n - drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes).\n\n - drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' (git-fixes).\n\n - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes).\n\n - drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes).\n\n - drm/gma500: Fix error return code in psb_driver_load() (git-fixes).\n\n - drm/meson: Unbind all connectors on module removal (bsc#1152472)\n\n - drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472)\n\n - drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472)\n\n - drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472)\n\n - drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472)\n\n - drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489)\n\n - exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes).\n\n - exfat: Avoid allocating upcase table using kcalloc() (git-fixes).\n\n - ext4: do not remount read-only with errors=continue on reboot (bsc#1182464).\n\n - ext4: fix a memory leak of ext4_free_data (bsc#1182447).\n\n - ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).\n\n - ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).\n\n - ext4: fix superblock checksum failure when setting password salt (bsc#1182465).\n\n - ext4: prevent creating duplicate encrypted filenames (bsc#1182446).\n\n - fgraph: Initialize tracing_graph_pause at task creation (git-fixes).\n\n - firmware_loader: align .builtin_fw to 8 (git-fixes).\n\n - fscrypt: add fscrypt_is_nokey_name() (bsc#1182446).\n\n - fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446).\n\n - fs: fix lazytime expiration handling in\n __writeback_single_inode() (bsc#1182466).\n\n - gma500: clean up error handling in init (git-fixes).\n\n - gpio: pcf857x: Fix missing first interrupt (git-fixes).\n\n - HID: core: detect and skip invalid inputs to snto32() (git-fixes).\n\n - HID: make arrays usage and value to be the same (git-fixes).\n\n - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes).\n\n - hwrng: timeriomem - Fix cooldown period calculation (git-fixes).\n\n - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).\n\n - i2c: iproc: handle only slave interrupts which are enabled (git-fixes).\n\n - i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes).\n\n - i2c: stm32f7: fix configuration of the digital filter (git-fixes).\n\n - i3c: master: dw: Drop redundant disec call (git-fixes).\n\n - i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025).\n\n - i40e: avoid premature Rx buffer reuse (git-fixes).\n\n - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).\n\n - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).\n\n - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).\n\n - i40e: Revert 'i40e: do not report link up for a VF who hasn't enabled queues' (jsc#SLE-8025).\n\n - iavf: fix double-release of rtnl_lock (git-fixes).\n\n - iavf: fix error return code in iavf_init_get_resources() (git-fixes).\n\n - iavf: fix speed reporting over virtchnl (git-fixes).\n\n - iavf: Fix updating statistics (git-fixes).\n\n - ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591).\n\n - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591).\n\n - ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).\n\n - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: device remove has higher precedence over reset (bsc#1065729).\n\n - ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591).\n\n - ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).\n\n - ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).\n\n - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960).\n\n - ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: serialize access to work queue on remove (bsc#1065729).\n\n - ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes).\n\n - ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591).\n\n - ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926).\n\n - ice: Fix MSI-X vector fallback logic (jsc#SLE-7926).\n\n - igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes).\n\n - igc: fix link speed advertising (git-fixes).\n\n - igc: Fix returning wrong statistics (git-fixes).\n\n - igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes).\n\n - igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes).\n\n - include/linux/memremap.h: remove stale comments (git-fixes).\n\n - Input: elo - fix an error code in elo_connect() (git-fixes).\n\n - Input: i8042 - unbreak Pegatron C15B (git-fixes).\n\n - Input: joydev - prevent potential read overflow in ioctl (git-fixes).\n\n - Input: sur40 - fix an error code in sur40_probe() (git-fixes).\n\n - Input: xpad - sync supported devices with fork on GitHub (git-fixes).\n\n - iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes).\n\n - iwlwifi: mvm: guard against device removal in reprobe (git-fixes).\n\n - iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes).\n\n - iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes).\n\n - iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes).\n\n - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes).\n\n - iwlwifi: pcie: fix context info memory leak (git-fixes).\n\n - iwlwifi: pcie: reschedule in long-running memory reads (git-fixes).\n\n - iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes).\n\n - ixgbe: avoid premature Rx buffer reuse (git-fixes).\n\n - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes).\n\n - kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995).\n\n - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).\n\n - kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191).\n\n - kABI: repair, after 'nVMX: Emulate MTF when performinginstruction emulation' kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine.\n\n - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-(source,binary).spec: do not include ghost symlinks (boo#1179082).')\n\n - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).\n\n - kernel/smp: add more data to CSD lock debugging (bsc#1180846).\n\n - kernel/smp: prepare more CSD lock debugging (bsc#1180846).\n\n - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).\n\n - KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818).\n\n - KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818).\n\n - KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489).\n\n - KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380).\n\n - KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX:\n Emulate MTF when performing instruction emulation' (bsc#1182380).\n\n - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995).\n\n - KVM: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770).\n\n - KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798).\n\n - KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800).\n\n - KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490).\n\n - KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381).\n\n - KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374).\n\n - KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801).\n\n - KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995).\n\n - KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406).\n\n - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).\n\n - lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599).\n\n - linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes).\n\n - mac80211: 160MHz with extended NSS BW in CSA (git-fixes).\n\n - mac80211: fix fast-rx encryption check (git-fixes).\n\n - mac80211: fix potential overflow when multiplying to u32 integers (git-fixes).\n\n - mac80211: pause TX while changing interface type (git-fixes).\n\n - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost.\n\n - MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - matroxfb: avoid -Warray-bounds warning (bsc#1152472)\n\n - media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes).\n\n - media: camss: missing error code in msm_video_register() (git-fixes).\n\n - media: cx25821: Fix a bug when reallocating some dma memory (git-fixes).\n\n - media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes).\n\n - media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes).\n\n - media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes).\n\n - media: lmedm04: Fix misuse of comma (git-fixes).\n\n - media: media/pci: Fix memleak in empress_init (git-fixes).\n\n - media: mt9v111: Remove unneeded device-managed puts (git-fixes).\n\n - media: pwc: Use correct device for DMA (bsc#1181133).\n\n - media: pxa_camera: declare variable when DEBUG is defined (git-fixes).\n\n - media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes).\n\n - media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes).\n\n - media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).\n\n - media: vsp1: Fix an error handling path in the probe function (git-fixes).\n\n - mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes).\n\n - memory: ti-aemif: Drop child node when jumping out loop (git-fixes).\n\n - mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes).\n\n - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes).\n\n - misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes).\n\n - misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes).\n\n - mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal (git-fixes).\n\n - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).\n\n - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes).\n\n - mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes).\n\n - mlxsw: core: Increase scope of RCU read-side critical section (git-fixes).\n\n - mlxsw: core: Use variable timeout for EMAD retries (git-fixes).\n\n - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes).\n\n - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes).\n\n - mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes).\n\n - mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes).\n\n - mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes).\n\n - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes).\n\n - mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273).\n\n - mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes).\n\n - mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273).\n\n - mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes).\n\n - net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes).\n\n - net: axienet: Fix error return code in axienet_probe() (git-fixes).\n\n - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).\n\n - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).\n\n - net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).\n\n - net: bcmgenet: set Rx mode before starting netif (git-fixes).\n\n - net: bcmgenet: use hardware padding of runt frames (git-fixes).\n\n - net: broadcom CNIC: requires MMU (git-fixes).\n\n - net: caif: Fix debugfs on 64-bit platforms (git-fixes).\n\n - net/cxgb4: Check the return from t4_query_params properly (git-fixes).\n\n - net: cxgb4: fix return error value in t4_prep_fw (git-fixes).\n\n - net: dsa: bcm_sf2: Fix overflow checks (git-fixes).\n\n - net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes).\n\n - net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes).\n\n - net: dsa: mt7530: set CPU port to fallback mode (git-fixes).\n\n - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).\n\n - net: ethernet: ave: Fix error returns in ave_init (git-fixes).\n\n - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes).\n\n - net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes).\n\n - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes).\n\n - net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes).\n\n - net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes).\n\n - net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes).\n\n - net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes).\n\n - net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353).\n\n - net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes).\n\n - net: hns3: add a missing uninit debugfs when unload driver (git-fixes).\n\n - net: hns3: add reset check for VF updating port based VLAN (git-fixes).\n\n - net: hns3: clear port base VLAN when unload PF (git-fixes).\n\n - net: hns3: fix aRFS FD rules leftover after add a user FD rule (git-fixes).\n\n - net: hns3: fix a TX timeout issue (git-fixes).\n\n - net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes).\n\n - net: hns3: fix for mishandle of asserting VF reset fail (git-fixes).\n\n - net: hns3: fix for VLAN config when reset failed (git-fixes).\n\n - net: hns3: fix RSS config lost after VF reset (git-fixes).\n\n - net: hns3: fix set and get link ksettings issue (git-fixes).\n\n - net: hns3: fix 'tc qdisc del' failed issue (git-fixes).\n\n - net: hns3: fix the number of queues actually used by ARQ (git-fixes).\n\n - net: hns3: fix use-after-free when doing self test (git-fixes).\n\n - net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes).\n\n - net: hns: fix return value check in __lb_other_process() (git-fixes).\n\n - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).\n\n - net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes).\n\n - net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes).\n\n - net: macb: mark device wake capable when 'magic-packet' property present (git-fixes).\n\n - net/mlx4_core: fix a memory leak bug (git-fixes).\n\n - net/mlx4_core: Fix init_hca fields offset (git-fixes).\n\n - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854).\n\n - net/mlx4_en: Handle TX error CQE (bsc#1181854).\n\n - net/mlx5: Add handling of port type in rule deletion (git-fixes).\n\n - net/mlx5: Annotate mutex destroy for root ns (git-fixes).\n\n - net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).\n\n - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).\n\n - net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes).\n\n - net/mlx5: Do not maintain a case of del_sw_func being null (git-fixes).\n\n - net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes).\n\n - net/mlx5e: Do not trigger IRQ multiple times on XSK wakeup to avoid WQ overruns (git-fixes).\n\n - net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes).\n\n - net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).\n\n - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes).\n\n - net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes).\n\n - net/mlx5e: Fix endianness handling in pedit mask (git-fixes).\n\n - net/mlx5e: Fix error path of device attach (git-fixes).\n\n - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).\n\n - net/mlx5e: Fix two double free cases (git-fixes).\n\n - net/mlx5e: Fix VLAN cleanup flow (git-fixes).\n\n - net/mlx5e: Fix VLAN create flow (git-fixes).\n\n - net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes).\n\n - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes).\n\n - net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes).\n\n - net/mlx5e: Reduce tc unsupported key print level (git-fixes).\n\n - net/mlx5e: Rename hw_modify to preactivate (git-fixes).\n\n - net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).\n\n - net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes).\n\n - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes).\n\n - net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes).\n\n - net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes).\n\n - net/mlx5e: Use preactivate hook to set the indirection table (git-fixes).\n\n - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).\n\n - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).\n\n - net/mlx5: Fix deletion of duplicate rules (git-fixes).\n\n - net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes).\n\n - net/mlx5: Fix memory leak on flow table creation error flow (git-fixes).\n\n - net/mlx5: Fix request_irqs error flow (git-fixes).\n\n - net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes).\n\n - net/mlx5: Query PPS pin operational status before registering it (git-fixes).\n\n - net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes).\n\n - net: moxa: Fix a potential double 'free_irq()' (git-fixes).\n\n - net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes).\n\n - net: mscc: ocelot: fix address ageing time (again) (git-fixes).\n\n - net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes).\n\n - net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes).\n\n - net: mvpp2: disable force link UP during port init procedure (git-fixes).\n\n - net: mvpp2: Fix error return code in mvpp2_open() (git-fixes).\n\n - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes).\n\n - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).\n\n - net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes).\n\n - net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).\n\n - net: mvpp2: Remove Pause and Asym_Pause support (git-fixes).\n\n - net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes).\n\n - net: netsec: Correct dma sync for XDP_TX frames (git-fixes).\n\n - net: nixge: fix potential memory leak in nixge_probe() (git-fixes).\n\n - net: octeon: mgmt: Repair filling of RX ring (git-fixes).\n\n - net: phy: at803x: use operating parameters from PHY-specific status (git-fixes).\n\n - net: phy: extract link partner advertisement reading (git-fixes).\n\n - net: phy: extract pause mode (git-fixes).\n\n - net: phy: marvell10g: fix NULL pointer dereference (git-fixes).\n\n - net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes).\n\n - net: phy: read MII_CTRL1000 in genphy_read_status only if needed (git-fixes).\n\n - net: qca_spi: fix receive buffer size check (git-fixes).\n\n - net: qca_spi: Move reset_count to struct qcaspi (git-fixes).\n\n - net: qede: fix PTP initialization on recovery (git-fixes).\n\n - net: qede: fix use-after-free on recovery and AER handling (git-fixes).\n\n - net: qede: stop adding events on an already destroyed workqueue (git-fixes).\n\n - net: qed: fix async event callbacks unregistering (git-fixes).\n\n - net: qed: fix excessive QM ILT lines consumption (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (git-fixes).\n\n - net: qed: fix NVMe login fails over VFs (git-fixes).\n\n - net: qed: RDMA personality shouldn't fail VF load (git-fixes).\n\n - net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293).\n\n - net: rmnet: do not allow to add multiple bridge interfaces (git-fixes).\n\n - net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes).\n\n - net: rmnet: fix bridge mode bugs (git-fixes).\n\n - net: rmnet: fix lower interface leak (git-fixes).\n\n - net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes).\n\n - net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes).\n\n - net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes).\n\n - net: rmnet: fix suspicious RCU usage (git-fixes).\n\n - net: rmnet: print error message when command fails (git-fixes).\n\n - net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes).\n\n - net: rmnet: use upper/lower device infrastructure (git-fixes).\n\n - net, sctp, filter: remap copy_from_user failure error (bsc#1181637).\n\n - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).\n\n - net/sonic: Add mutual exclusion for accessing shared state (git-fixes).\n\n - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).\n\n - net: stmmac: Always arm TX Timer at end of transmission start (git-fixes).\n\n - net: stmmac: Do not accept invalid MTU values (git-fixes).\n\n - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).\n\n - net: stmmac: Enable 16KB buffer size (git-fixes).\n\n - net: stmmac: fix disabling flexible PPS output (git-fixes).\n\n - net: stmmac: fix length of PTP clock's name string (git-fixes).\n\n - net: stmmac: Fix the TX IOC in xmit path (git-fixes).\n\n - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).\n\n - net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes).\n\n - net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes).\n\n - net: stmmac: xgmac: Clear previous RX buffer size (git-fixes).\n\n - net: sun: fix missing release regions in cas_init_one() (git-fixes).\n\n - net: team: fix memory leak in __team_options_register (git-fixes).\n\n - net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes).\n\n - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes).\n\n - net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).\n\n - nvme-hwmon: rework to avoid devm allocation (bsc#1177326).\n\n - nvme-multipath: Early exit if no path is available (bsc#1180964).\n\n - nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137).\n\n - nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547).\n\n - objtool: Do not fail on missing symbol table (bsc#1169514).\n\n - perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989).\n\n - perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989).\n\n - perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989).\n\n - perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989).\n\n - perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989).\n\n - perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989).\n\n - perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989).\n\n - phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes).\n\n - phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).\n\n - platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes).\n\n - platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes).\n\n - platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes).\n\n - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345).\n\n - powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395).\n\n - powerpc: Fix alignment bug within the init sections (bsc#1065729).\n\n - powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395).\n\n - powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159).\n\n - powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159).\n\n - powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes).\n\n - powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530).\n\n - powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159).\n\n - powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159).\n\n - powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159).\n\n - powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729).\n\n - powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624).\n\n - powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080).\n\n - powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080).\n\n - powerpc/powernv/memtrace: Do not leak kernel memory to user space (bsc#1156395).\n\n - powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395).\n\n - powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395).\n\n - powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan (bsc#1182602 ltc#190924).\n\n - powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074).\n\n - powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855).\n\n - powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes).\n\n - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900).\n\n - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes).\n\n - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159).\n\n - powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159).\n\n - powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159).\n\n - powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).\n\n - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).\n\n - pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).\n\n - pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).\n\n - qed: fix error return code in qed_iwarp_ll2_start() (git-fixes).\n\n - qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes).\n\n - qed: Populate nvm-file attributes while reading nvm config partition (git-fixes).\n\n - qed: select CONFIG_CRC32 (git-fixes).\n\n - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).\n\n - quota: Fix memory leak when handling corrupted quota file (bsc#1182650).\n\n - quota: Sanity-check quota file headers on load (bsc#1182461).\n\n - r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes).\n\n - r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes).\n\n - rcu/nocb: Perform deferred wake up before last idle's (git-fixes)\n\n - rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes)\n\n - rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes)\n\n - RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248).\n\n - RDMA/efa: Count admin commands errors (bsc#1176248).\n\n - RDMA/efa: Count mmap failures (bsc#1176248).\n\n - RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248).\n\n - RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248).\n\n - RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248).\n\n - RDMA/efa: Expose minimum SQ size (bsc#1176248).\n\n - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248).\n\n - RDMA/efa: Properly document the interrupt mask register (bsc#1176248).\n\n - RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248).\n\n - RDMA/efa: Report create CQ error counter (bsc#1176248).\n\n - RDMA/efa: Report host information to the device (bsc#1176248).\n\n - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248).\n\n - RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248).\n\n - RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248).\n\n - RDMA/efa: Use the correct current and new states in modify QP (git-fixes).\n\n - regulator: axp20x: Fix reference cout leak (git-fixes).\n\n - regulator: core: Avoid debugfs: Directory ... already present! error (git-fixes).\n\n - regulator: core: avoid regulator_resolve_supply() race condition (git-fixes).\n\n - regulator: Fix lockdep warning resolving supplies (git-fixes).\n\n - regulator: s5m8767: Drop regulators OF node reference (git-fixes).\n\n - regulator: s5m8767: Fix reference count leak (git-fixes).\n\n - reiserfs: add check for an invalid ih_entry_count (bsc#1182462).\n\n - Remove debug patch for boot failure (bsc#1182602 ltc#190924). \n\n - reset: hisilicon: correct vendor prefix (git-fixes).\n\n - Revert 'ibmvnic: remove never executed if statement' (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - Revert 'net: bcmgenet: remove unused function in bcmgenet.c' (git-fixes).\n\n - Revert 'platform/x86: ideapad-laptop: Switch touchpad attribute to be RO' (git-fixes).\n\n - Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace deletion' (jsc#SLE-8464).\n\n - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issu es/2439)\n\n - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)\n\n - rtc: s5m: select REGMAP_I2C (git-fixes).\n\n - rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9).\n\n - s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes).\n\n - s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes).\n\n - sched: Reenable interrupts in do_sched_yield() (git-fixes)\n\n - scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958).\n\n - sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes).\n\n - sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes).\n\n - sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes).\n\n - smp: Add source and destination CPUs to\n __call_single_data (bsc#1180846).\n\n - smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes).\n\n - smsc95xx: check return value of smsc95xx_reset (git-fixes).\n\n - soc: aspeed: snoop: Add clock control logic (git-fixes).\n\n - spi: atmel: Put allocated master before return (git-fixes).\n\n - spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes).\n\n - spi: spi-synquacer: fix set_cs handling (git-fixes).\n\n - spi: stm32: properly handle 0 byte transfer (git-fixes).\n\n - squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266).\n\n - squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267).\n\n - squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268).\n\n - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes).\n\n - target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109).\n\n - team: set dev->needed_headroom in team_setup_by_port() (git-fixes).\n\n - tpm: Remove tpm_dev_wq_lock (git-fixes).\n\n - tpm_tis: Clean up locality release (git-fixes).\n\n - tpm_tis: Fix check_locality for correct locality acquisition (git-fixes).\n\n - tracing: Check length before giving out the filter buffer (git-fixes).\n\n - tracing: Do not count ftrace events in top level enable output (git-fixes).\n\n - tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes).\n\n - tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes).\n\n - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes).\n\n - ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459).\n\n - ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454).\n\n - ubifs: prevent creating duplicate encrypted filenames (bsc#1182457).\n\n - ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456).\n\n - ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455). \n\n - ubifs: wbuf: Do not leak kernel memory to flash (bsc#1182458).\n\n - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).\n\n - Update config files: armv7hl: Set ledtrig-default-on as builtin (bsc#1182128)\n\n - Update config files: Set ledtrig-default-on as builtin (bsc#1182128)\n\n - USB: dwc2: Abort transaction after errors with unknown reason (git-fixes).\n\n - USB: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes).\n\n - USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes).\n\n - USB: dwc3: fix clock issue during resume in OTG mode (git-fixes).\n\n - USB: gadget: legacy: fix an error code in eth_bind() (git-fixes).\n\n - USB: gadget: u_audio: Free requests only after callback (git-fixes).\n\n - USB: musb: Fix runtime PM race in musb_queue_resume_work (git-fixes).\n\n - USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes).\n\n - USB: quirks: sort quirk entries (git-fixes).\n\n - USB: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() (git-fixes).\n\n - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes).\n\n - USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).\n\n - USB: serial: mos7720: fix error code in mos7720_write() (git-fixes).\n\n - USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes).\n\n - USB: serial: mos7840: fix error code in mos7840_write() (git-fixes).\n\n - USB: serial: option: Adding support for Cinterion MV31 (git-fixes).\n\n - USB: usblp: do not call usb_set_interface if there's a single alt (git-fixes).\n\n - veth: Adjust hard_start offset on redirect XDP frames (git-fixes).\n\n - vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265).\n\n - virtio_net: Fix error code in probe() (git-fixes).\n\n - virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).\n\n - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes).\n\n - virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes).\n\n - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).\n\n - vxlan: fix memleak of fdb (git-fixes).\n\n - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes).\n\n - writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).\n\n - x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489).\n\n - x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489).\n\n - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191).\n\n - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191).\n\n - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191).\n\n - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191).\n\n - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191).\n\n - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).\n\n - xen/netback: fix spurious event detection for common event case (bsc#1182175).\n\n - xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272).\n\n - xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558).\n\n - xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276).\n\n - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430).\n\n - xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273).\n\n - xfs: ratelimit xfs_discard_page messages (bsc#1182283).\n\n - xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561).\n\n - xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275).\n\n - xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278).\n\n - xfs: strengthen rmap record flags checking (git-fixes bsc#1182271).\n\n - xhci: fix bounce buffer usage for non-sg list case (git-fixes).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-393)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12373", "CVE-2020-29368", "CVE-2020-29374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-393.NASL", "href": "https://www.tenable.com/plugins/nessus/147563", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-393.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147563);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-12373\",\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-393)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Linux Leap 15.2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-26930: Fixed an improper error handling in\n blkback's grant mapping (XSA-365 bsc#1181843).\n\n - CVE-2021-26931: Fixed an issue where Linux kernel was\n treating grant mapping errors as bugs (XSA-362\n bsc#1181753).\n\n - CVE-2021-26932: Fixed improper error handling issues in\n Linux grant mapping (XSA-361 bsc#1181747). by remote\n attackers to read or write files via directory traversal\n in an XCOPY request (bsc#178372).\n\n - CVE-2020-12362: Fixed an integer overflow in the\n firmware which may have allowed a privileged user to\n potentially enable an escalation of privilege via local\n access (bsc#1181720).\n\n - CVE-2020-12363: Fixed an improper input validation which\n may have allowed a privileged user to potentially enable\n a denial of service via local access (bsc#1181735).\n\n - CVE-2020-12364: Fixed a NULL pointer reference which may\n have allowed a privileged user to potentially enable a\n denial of service via local access (bsc#1181736 ).\n\n - CVE-2020-12373: Fixed an expired pointer dereference\n which may have allowed a privileged user to potentially\n enable a denial of service via local access\n (bsc#1181738).\n\n - CVE-2020-29368,CVE-2020-29374: Fixed an issue in\n copy-on-write implementation which could have granted\n unintended write access because of a race condition in a\n THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe following non-security bugs were fixed :\n\n - ACPICA: Fix exception code class checks (git-fixes).\n\n - ACPI: configfs: add missing check after\n configfs_register_default_group() (git-fixes).\n\n - ACPI: property: Fix fwnode string properties matching\n (git-fixes).\n\n - ACPI: property: Satisfy kernel doc validator (part 1)\n (git-fixes).\n\n - ACPI: property: Satisfy kernel doc validator (part 2)\n (git-fixes).\n\n - ALSA: hda: Add another CometLake-H PCI ID (git-fixes).\n\n - ALSA: hda/hdmi: Drop bogus check at closing a stream\n (git-fixes).\n\n - ALSA: hda/realtek: modify EAPD in the ALC886\n (git-fixes).\n\n - ALSA: pcm: Assure sync with the pending stop operation\n at suspend (git-fixes).\n\n - ALSA: pcm: Call sync_stop at disconnection (git-fixes).\n\n - ALSA: pcm: Do not call sync_stop if it hasn't been\n stopped (git-fixes).\n\n - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10\n (git-fixes).\n\n - ALSA: usb-audio: Correct document for\n snd_usb_endpoint_free_all() (git-fixes).\n\n - ALSA: usb-audio: Do not avoid stopping the stream at\n disconnection (git-fixes).\n\n - ALSA: usb-audio: Fix PCM buffer allocation in\n non-vmalloc mode (git-fixes).\n\n - ALSA: usb-audio: Handle invalid running state at\n releasing EP (git-fixes).\n\n - ALSA: usb-audio: More strict state change in EP\n (git-fixes).\n\n - amba: Fix resource leak for drivers without .remove\n (git-fixes).\n\n - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to\n true (bsc#1182560)\n\n - armv7hl: lpae: Update config files. Disable KVM support\n (bsc#1182697)\n\n - ASoC: cpcap: fix microphone timeslot mask (git-fixes).\n\n - ASoC: cs42l56: fix up error handling in probe\n (git-fixes).\n\n - ASoC: simple-card-utils: Fix device module clock\n (git-fixes).\n\n - ASoC: SOF: debug: Fix a potential issue on string buffer\n termination (git-fixes).\n\n - ata: ahci_brcm: Add back regulators management\n (git-fixes).\n\n - ata: sata_nv: Fix retrieving of active qcs (git-fixes).\n\n - ath10k: Fix error handling in case of CE pipe init\n failure (git-fixes).\n\n - ath9k: fix data bus crash when setting nf_override via\n debugfs (git-fixes).\n\n - bcache: fix overflow in offset_to_stripe() (git-fixes).\n\n - blk-mq: call commit_rqs while list empty but error\n happen (bsc#1182442).\n\n - blk-mq: insert request not through ->queue_rq into\n sw/scheduler queue (bsc#1182443).\n\n - blk-mq: move cancel of hctx->run_work to the front of\n blk_exit_queue (bsc#1182444).\n\n - block: fix inflight statistics of part0 (bsc#1182445).\n\n - block: respect queue limit of max discard segment\n (bsc#1182441).\n\n - block: virtio_blk: fix handling single range discard\n request (bsc#1182439).\n\n - Bluetooth: btqcomsmd: Fix a resource leak in error\n handling paths in the probe function (git-fixes).\n\n - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv\n (git-fixes).\n\n - Bluetooth: drop HCI device reference before return\n (git-fixes).\n\n - Bluetooth: Fix initializing response id after clearing\n struct (git-fixes).\n\n - Bluetooth: hci_uart: Fix a race for write_work\n scheduling (git-fixes).\n\n - Bluetooth: Put HCI device if inquiry procedure\n interrupts (git-fixes).\n\n - bnxt_en: Fix accumulation of bp->net_stats_prev\n (git-fixes).\n\n - bnxt_en: fix error return code in bnxt_init_board()\n (git-fixes).\n\n - bnxt_en: fix error return code in bnxt_init_one()\n (git-fixes).\n\n - bnxt_en: Improve stats context resource accounting with\n RDMA driver loaded (git-fixes).\n\n - bnxt_en: read EEPROM A2h address using page 0\n (git-fixes).\n\n - bnxt_en: Release PCI regions when DMA mask setup fails\n during probe (git-fixes).\n\n - bonding: Fix reference count leak in\n bond_sysfs_slave_add (git-fixes).\n\n - bonding: set dev->needed_headroom in\n bond_setup_by_slave() (git-fixes).\n\n - bonding: wait for sysfs kobject destruction before\n freeing struct slave (git-fixes).\n\n - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou\n (bsc#1155518).\n\n - bpf, cgroup: Fix problematic bounds check (bsc#1155518).\n\n - btrfs: add assertion for empty list of transactions at\n late stage of umount (bsc#1182626).\n\n - btrfs: Cleanup try_flush_qgroup (bsc#1182047).\n\n - btrfs: Do not flush from\n btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: Fix race between extent freeing/allocation when\n using bitmaps (bsc#1181574).\n\n - btrfs: fix race between RO remount and the cleaner task\n (bsc#1182626).\n\n - btrfs: fix transaction leak and crash after cleaning up\n orphans on RO mount (bsc#1182626).\n\n - btrfs: fix transaction leak and crash after RO remount\n caused by qgroup rescan (bsc#1182626).\n\n - btrfs: Free correct amount of space in\n btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: lift read-write mount setup from mount and\n remount (bsc#1182626).\n\n - btrfs: Remove btrfs_inode from\n btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: run delayed iputs when remounting RO to avoid\n leaking them (bsc#1182626).\n\n - btrfs: Simplify code flow in\n btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: Unlock extents in btrfs_zero_range in case of\n errors (bsc#1182047).\n\n - caif: no need to check return value of debugfs_create\n functions (git-fixes).\n\n - ceph: fix flush_snap logic after putting caps\n (bsc#1182854).\n\n - cgroup: Fix memory leak when parsing multiple source\n parameters (bsc#1182683).\n\n - cgroup: fix psi monitor for root cgroup (bsc#1182686).\n\n - cgroup-v1: add disabled controller check in\n cgroup1_parse_param() (bsc#1182684).\n\n - chelsio/chtls: correct function return and return type\n (git-fixes).\n\n - chelsio/chtls: correct netdevice for vlan interface\n (git-fixes).\n\n - chelsio/chtls: fix a double free in chtls_setkey()\n (git-fixes).\n\n - chelsio/chtls: fix always leaking ctrl_skb (git-fixes).\n\n - chelsio/chtls: fix deadlock issue (git-fixes).\n\n - chelsio/chtls: fix memory leaks caused by a race\n (git-fixes).\n\n - chelsio/chtls: fix memory leaks in CPL handlers\n (git-fixes).\n\n - chelsio/chtls: fix panic during unload reload chtls\n (git-fixes).\n\n - chelsio/chtls: fix socket lock (git-fixes).\n\n - chelsio/chtls: fix tls record info to user (git-fixes).\n\n - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268).\n\n - chtls: Added a check to avoid NULL pointer dereference\n (git-fixes).\n\n - chtls: Fix chtls resources release sequence (git-fixes).\n\n - chtls: Fix hardware tid leak (git-fixes).\n\n - chtls: Fix panic when route to peer not configured\n (git-fixes).\n\n - chtls: Remove invalid set_tcb call (git-fixes).\n\n - chtls: Replace skb_dequeue with skb_peek (git-fixes).\n\n - cifs: check all path components in resolved dfs target\n (bsc#1181710).\n\n - cifs: fix nodfs mount option (bsc#1181710).\n\n - cifs: introduce helper for finding referral server\n (bsc#1181710).\n\n - cifs: report error instead of invalid when revalidating\n a dentry fails (bsc#1177440).\n\n - cirrus: cs89x0: remove set but not used variable 'lp'\n (git-fixes).\n\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to\n simplify code (git-fixes).\n\n - clk: meson: clk-pll: fix initializing the old rate\n (fallback) for a PLL (git-fixes).\n\n - clk: meson: clk-pll: make 'ret' a signed integer\n (git-fixes).\n\n - clk: meson: clk-pll: propagate the error from\n meson_clk_pll_set_rate() (git-fixes).\n\n - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs\n (git-fixes).\n\n - clk: sunxi-ng: h6: Fix CEC clock (git-fixes).\n\n - clk: sunxi-ng: h6: Fix clock divider range on some\n clocks (git-fixes).\n\n - clk: sunxi-ng: mp: fix parent rate change flag check\n (git-fixes).\n\n - clocksource/drivers/ixp4xx: Select TIMER_OF when needed\n (git-fixes).\n\n - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in\n ->remove() (git-fixes).\n\n - cpufreq: brcmstb-avs-cpufreq: Free resources in error\n path (git-fixes).\n\n - cpuset: fix race between hotplug work and later CPU\n offline (bsc#1182676).\n\n - crypto: ecdh_helper - Ensure 'len >= secret.len' in\n decode_key() (git-fixes).\n\n - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode\n data size error) (git-fixes).\n\n - cxgb3: fix error return code in t3_sge_alloc_qset()\n (git-fixes).\n\n - cxgb4: fix all-mask IP address comparison (git-fixes).\n\n - cxgb4: fix checks for max queues to allocate\n (git-fixes).\n\n - cxgb4: fix endian conversions for L4 ports in filters\n (git-fixes).\n\n - cxgb4: fix set but unused variable when DCB is disabled\n (git-fixes).\n\n - cxgb4: fix SGE queue dump destination buffer context\n (git-fixes).\n\n - cxgb4: fix the panic caused by non smac rewrite\n (git-fixes).\n\n - cxgb4: move DCB version extern to header file\n (git-fixes).\n\n - cxgb4: move handling L2T ARP failures to caller\n (git-fixes).\n\n - cxgb4: move PTP lock and unlock to caller in Tx path\n (git-fixes).\n\n - cxgb4: parse TC-U32 key values and masks natively\n (git-fixes).\n\n - cxgb4: remove cast when saving IPv4 partial checksum\n (git-fixes).\n\n - cxgb4: set up filter action after rewrites (git-fixes).\n\n - cxgb4: use correct type for all-mask IP address\n comparison (git-fixes).\n\n - cxgb4: use unaligned conversion for fetching timestamp\n (git-fixes).\n\n - dmaengine: fsldma: Fix a resource leak in an error\n handling path of the probe function (git-fixes).\n\n - dmaengine: fsldma: Fix a resource leak in the remove\n function (git-fixes).\n\n - dmaengine: hsu: disable spurious interrupt (git-fixes).\n\n - dmaengine: owl-dma: Fix a resource leak in the remove\n function (git-fixes).\n\n - dm crypt: avoid truncating the logical block size\n (git-fixes).\n\n - dm: fix bio splitting and its bio completion order for\n regular IO (git-fixes).\n\n - dm thin: fix use-after-free in\n metadata_pre_commit_callback (bsc#1177529).\n\n - dm thin metadata: Avoid returning cmd->bm wild pointer\n on error (bsc#1177529).\n\n - dm thin metadata: fix lockdep complaint (bsc#1177529).\n\n - dm thin metadata: Fix use-after-free in\n dm_bm_set_read_only (bsc#1177529).\n\n - dm: use noio when sending kobject event (bsc#1177529).\n\n - docs: filesystems: vfs: correct flag name (bsc#1182856).\n\n - dpaa2-eth: fix return codes used in ndo_setup_tc\n (git-fixes).\n\n - Drivers: hv: vmbus: Avoid use-after-free in\n vmbus_onoffer_rescind() (git-fixes).\n\n - drivers: net: davinci_mdio: fix potential NULL\n dereference in davinci_mdio_probe() (git-fixes).\n\n - drivers: soc: atmel: add null entry at the end of\n at91_soc_allowed_list[] (git-fixes).\n\n - drivers: soc: atmel: Avoid calling at91_soc_init on non\n AT91 SoCs (git-fixes).\n\n - drm/amd/display: Change function decide_dp_link_settings\n to avoid infinite looping (git-fixes).\n\n - drm/amd/display: Decrement refcount of dc_sink before\n reassignment (git-fixes).\n\n - drm/amd/display: Fix 10/12 bpc setup in DCE output bit\n depth reduction (git-fixes).\n\n - drm/amd/display: Fix dc_sink kref count in\n emulated_link_detect (git-fixes).\n\n - drm/amd/display: Fix HDMI deep color output for DCE 6-11\n (git-fixes).\n\n - drm/amd/display: Free atomic state after\n drm_atomic_commit (git-fixes).\n\n - drm/amd/display: Revert 'Fix EDID parsing after resume\n from suspend' (git-fixes).\n\n - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in\n preprocessor if condition (git-fixes).\n\n - drm/fb-helper: Add missed unlocks in setcmap_legacy()\n (git-fixes).\n\n - drm/gma500: Fix error return code in psb_driver_load()\n (git-fixes).\n\n - drm/meson: Unbind all connectors on module removal\n (bsc#1152472)\n\n - drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472)\n\n - drm/sun4i: dw-hdmi: Fix max. frequency for H6\n (bsc#1152472)\n\n - drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472)\n\n - drm/sun4i: tcon: set sync polarity for tcon1 channel\n (bsc#1152472)\n\n - drm/vc4: hvs: Fix buffer overflow with the dlist\n handling (bsc#1152489)\n\n - exec: Always set cap_ambient in cap_bprm_set_creds\n (git-fixes).\n\n - exfat: Avoid allocating upcase table using kcalloc()\n (git-fixes).\n\n - ext4: do not remount read-only with errors=continue on\n reboot (bsc#1182464).\n\n - ext4: fix a memory leak of ext4_free_data (bsc#1182447).\n\n - ext4: fix bug for rename with RENAME_WHITEOUT\n (bsc#1182449).\n\n - ext4: fix deadlock with fs freezing and EA inodes\n (bsc#1182463).\n\n - ext4: fix superblock checksum failure when setting\n password salt (bsc#1182465).\n\n - ext4: prevent creating duplicate encrypted filenames\n (bsc#1182446).\n\n - fgraph: Initialize tracing_graph_pause at task creation\n (git-fixes).\n\n - firmware_loader: align .builtin_fw to 8 (git-fixes).\n\n - fscrypt: add fscrypt_is_nokey_name() (bsc#1182446).\n\n - fscrypt: rename DCACHE_ENCRYPTED_NAME to\n DCACHE_NOKEY_NAME (bsc#1182446).\n\n - fs: fix lazytime expiration handling in\n __writeback_single_inode() (bsc#1182466).\n\n - gma500: clean up error handling in init (git-fixes).\n\n - gpio: pcf857x: Fix missing first interrupt (git-fixes).\n\n - HID: core: detect and skip invalid inputs to snto32()\n (git-fixes).\n\n - HID: make arrays usage and value to be the same\n (git-fixes).\n\n - HID: wacom: Ignore attempts to overwrite the touch_max\n value from HID (git-fixes).\n\n - hwrng: timeriomem - Fix cooldown period calculation\n (git-fixes).\n\n - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition\n (git-fixes).\n\n - i2c: iproc: handle only slave interrupts which are\n enabled (git-fixes).\n\n - i2c: mediatek: Move suspend and resume handling to NOIRQ\n phase (git-fixes).\n\n - i2c: stm32f7: fix configuration of the digital filter\n (git-fixes).\n\n - i3c: master: dw: Drop redundant disec call (git-fixes).\n\n - i40e: acquire VSI pointer only after VF is initialized\n (jsc#SLE-8025).\n\n - i40e: avoid premature Rx buffer reuse (git-fixes).\n\n - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs\n (git-fixes).\n\n - i40e: Fix MAC address setting for a VF via Host/VM\n (git-fixes).\n\n - i40e: Fix removing driver while bare-metal VFs pass\n traffic (git-fixes).\n\n - i40e: Revert 'i40e: do not report link up for a VF who\n hasn't enabled queues' (jsc#SLE-8025).\n\n - iavf: fix double-release of rtnl_lock (git-fixes).\n\n - iavf: fix error return code in iavf_init_get_resources()\n (git-fixes).\n\n - iavf: fix speed reporting over virtchnl (git-fixes).\n\n - iavf: Fix updating statistics (git-fixes).\n\n - ibmvnic: add memory barrier to protect long term buffer\n (bsc#1182485 ltc#191591).\n\n - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485\n ltc#191591).\n\n - ibmvnic: Clean up TX code and TX buffer data structure\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Clear failover_pending if unable to schedule\n (bsc#1181960 ltc#190997).\n\n - ibmvnic: compare adapter->init_done_rc with more\n readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243\n ltc#189290).\n\n - ibmvnic: Correctly re-enable interrupts in NAPI polling\n routine (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: create send_control_ip_offload (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: create send_query_ip_offload (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: device remove has higher precedence over reset\n (bsc#1065729).\n\n - ibmvnic: Do not replenish RX buffers after every polling\n loop (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Ensure that CRQ entry read are correctly\n ordered (bsc#1182485 ltc#191591).\n\n - ibmvnic: Ensure that device queue memory is cache-line\n aligned (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Ensure that SCRQ entry reads are correctly\n ordered (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: fix a race between open and reset (bsc#1176855\n ltc#187293).\n\n - ibmvnic: fix login buffer memory leak (bsc#1081134\n ltc#164631).\n\n - ibmvnic: fix NULL pointer dereference in\n ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: fix rx buffer tracking and index management in\n replenish_rx_pool partial success (bsc#1179929\n ltc#189960).\n\n - ibmvnic: Fix TX completion error handling (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: Fix use-after-free of VNIC login response\n buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: handle inconsistent login with reset\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Harden device Command Response Queue handshake\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce batched RX buffer descriptor\n transmission (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce indirect subordinate Command Response\n Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce xmit_more support using batched\n subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: no reset timeout for 5 seconds after reset\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: reduce wait for completion time (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: remove never executed if statement\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Remove send_subcrq function (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: rename ibmvnic_send_req_caps to\n send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename send_cap_queries to send_query_cap\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename send_map_query to send_query_map\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: send_login should check for crq errors\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: serialize access to work queue on remove\n (bsc#1065729).\n\n - ibmvnic: Set to CLOSED state even on error (bsc#1084610\n ltc#165122 git-fixes).\n\n - ibmvnic: skip send_request_unmap for timeout reset\n (bsc#1182485 ltc#191591).\n\n - ibmvnic: skip tx timeout reset while in resetting\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: stop free_all_rwi on failed reset\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: store RX and TX subCRQ handle array in\n ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243\n
(RHSA-2021:2523) Important: kernel security and bug fix update
