{"id": "SECURITYVULNS:DOC:19068", "bulletinFamily": "software", "title": "Vwar 1.5.0", "description": "Vendor : Www.Vwar.De\r\nCredits : Pouya_server\r\nVer : v1.5.0 \r\nPouya.S3rver@Gmail.com\r\n-----------------------------------------\r\nhttp://[host]/vwar/calendar.php?month=[SQL]", "published": "2008-02-12T00:00:00", "modified": "2008-02-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19068", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": 3.8, "vector": "NONE", "modified": "2018-08-31T11:10:25", "rev": 2}, "dependencies": {"references": [{"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_090763F6703011EA93DD080027846A02.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL", "FREEBSD_PKG_D887B3D9736611EAB81A001CC0382B2F.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201314", "OPENVAS:1361412562310892164", "OPENVAS:1361412562311220201318"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "freebsd", "idList": ["D887B3D9-7366-11EA-B81A-001CC0382B2F"]}, {"type": "zdt", "idList": ["1337DAY-ID-34159", "1337DAY-ID-34153", "1337DAY-ID-34157", "1337DAY-ID-34144", "1337DAY-ID-34134"]}, {"type": "ubuntu", "idList": ["USN-4302-1", "USN-4300-1", "USN-4301-1"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:10149"]}], "modified": "2018-08-31T11:10:25", "rev": 2}, "vulnersScore": 3.8}, "affectedSoftware": []}

{"redhat": [{"lastseen": "2021-03-02T02:28:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14553", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-12614", "CVE-2019-13050", "CVE-2019-13225", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15903", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16167", "CVE-2019-16168", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-17546", "CVE-2019-18197", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19221", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20054", "CVE-2019-20218", "CVE-2019-20386", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20636", "CVE-2019-20807", "CVE-2019-20812", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-3884", "CVE-2019-5018", "CVE-2019-6977", "CVE-2019-6978", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-10732", "CVE-2020-10749", "CVE-2020-10751", "CVE-2020-10763", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-11793", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-13249", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14019", "CVE-2020-14040", "CVE-2020-14381", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15157", "CVE-2020-15503", "CVE-2020-15862", "CVE-2020-15999", "CVE-2020-16166", "CVE-2020-1716", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24490", "CVE-2020-24659", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25658", "CVE-2020-25661", "CVE-2020-25662", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687", "CVE-2020-25694", "CVE-2020-25696", "CVE-2020-2574", "CVE-2020-26160", "CVE-2020-2752", "CVE-2020-27813", "CVE-2020-27846", "CVE-2020-28362", "CVE-2020-2922", "CVE-2020-29652", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3898", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-7774", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-8563", "CVE-2020-8566", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-2007", "CVE-2021-26539", "CVE-2021-3121"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.\n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs (CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-02T06:56:45", "published": "2021-02-24T19:49:26", "id": "RHSA-2020:5633", "href": "https://access.redhat.com/errata/RHSA-2020:5633", "type": "redhat", "title": "(RHSA-2020:5633) Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-04T02:33:21", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14381", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n* kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n* kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n* kernel: memory leak in ccp_run_sha_cmd() (CVE-2019-18808)\n\n* kernel: Denial Of Service in the __ipmi_bmc_register() (CVE-2019-19046)\n\n* kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n* Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n* kernel: use-after-free in ext4_put_super (CVE-2019-19447)\n\n* kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n* kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n* kernel: use-after-free in serial_ir_init_module() (CVE-2019-19543)\n\n* kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (CVE-2019-19767)\n\n* kernel: use-after-free in debugfs_remove (CVE-2019-19770)\n\n* kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n* kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n* kernel: out-of-bounds read in in vc_do_resize (CVE-2020-8647)\n\n* kernel: use-after-free in n_tty_receive_buf_common (CVE-2020-8648)\n\n* kernel: invalid read location in vgacon_invert_region (CVE-2020-8649)\n\n* kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n* kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n* kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n* kernel: out-of-bounds write in xdp_umem_reg (CVE-2020-12659)\n\n* kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n* kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n* kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n* kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n* kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n* kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n* kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n* kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)\n\n* kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() (CVE-2019-19056)\n\n* kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n* kernel: Two memory leaks in the rtl_usb_probe() (CVE-2019-19063)\n\n* kernel: A memory leak in the rtl8xxxu_submit_int_urb() (CVE-2019-19068)\n\n* kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)\n\n* kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c (CVE-2019-19533)\n\n* kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n* kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n* kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n* kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)", "modified": "2020-11-04T05:06:01", "published": "2020-11-03T17:20:02", "id": "RHSA-2020:4609", "href": "https://access.redhat.com/errata/RHSA-2020:4609", "type": "redhat", "title": "(RHSA-2020:4609) Moderate: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-09T10:28:31", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12614", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-20054", "CVE-2019-20636", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-14381", "CVE-2020-25641", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use after free in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n* kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n* kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n* kernel: memory leak in ccp_run_sha_cmd() (CVE-2019-18808)\n\n* kernel: Denial Of Service in the __ipmi_bmc_register() (CVE-2019-19046)\n\n* kernel: out-of-bounds write in ext4_xattr_set_entry (CVE-2019-19319)\n\n* Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n* kernel: use-after-free in ext4_put_super (CVE-2019-19447)\n\n* kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n* kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n* kernel: use-after-free in serial_ir_init_module() (CVE-2019-19543)\n\n* kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (CVE-2019-19767)\n\n* kernel: use-after-free in debugfs_remove (CVE-2019-19770)\n\n* kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n* kernel: possible use-after-free due to a race condition in cdev_get (CVE-2020-0305)\n\n* kernel: out-of-bounds read in in vc_do_resize function (CVE-2020-8647)\n\n* kernel: use-after-free in n_tty_receive_buf_common function (CVE-2020-8648)\n\n* kernel: invalid read location in vgacon_invert_region function (CVE-2020-8649)\n\n* kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n* kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n* kernel: out-of-bounds write in mpol_parse_str (CVE-2020-11565)\n\n* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n* kernel: buffer overflow in mt76_add_fragment function (CVE-2020-12465)\n\n* kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n* kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n* kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n* kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n* kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n* kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n* kernel: null pointer dereference in dlpar_parse_cc_property (CVE-2019-12614)\n\n* kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n* kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n* kernel: memory leak in af9005_identify_state() function (CVE-2019-18809)\n\n* kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function (CVE-2019-19056)\n\n* kernel: memory leak in the crypto_report() function (CVE-2019-19062)\n\n* kernel: Two memory leaks in the rtl_usb_probe() function (CVE-2019-19063)\n\n* kernel: A memory leak in the rtl8xxxu_submit_int_urb() function (CVE-2019-19068)\n\n* kernel: A memory leak in the predicate_parse() function (CVE-2019-19072)\n\n* kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c (CVE-2019-19533)\n\n* kernel: Null pointer dereference in drop_sysctl_table() (CVE-2019-20054)\n\n* kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n* kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n* kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n* kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)", "modified": "2021-02-09T15:15:19", "published": "2020-11-03T17:03:57", "id": "RHSA-2020:4431", "href": "https://access.redhat.com/errata/RHSA-2020:4431", "type": "redhat", "title": "(RHSA-2020:4431) Moderate: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-04T09:23:12", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4431 advisory.\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c\n causing denial of service (CVE-2019-12614)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c\n (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c\n allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in\n drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a\n DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-\n dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer\n (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure\n (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features\n (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c\n (CVE-2020-12465)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data\n coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 6.7, "vector": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-01T00:00:00", "title": "CentOS 8 : kernel (CESA-2020:4431)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8648", "CVE-2020-12770", "CVE-2019-19533", "CVE-2020-25641", "CVE-2019-19770", "CVE-2019-19767", "CVE-2019-16233", "CVE-2020-12659", "CVE-2019-18809", "CVE-2020-12465", "CVE-2019-19332", "CVE-2020-12826", "CVE-2019-19524", "CVE-2020-10942", "CVE-2019-19062", "CVE-2019-20636", "CVE-2020-10732", "CVE-2019-19319", "CVE-2020-14381", "CVE-2020-0305", "CVE-2020-10774", "CVE-2019-19063", "CVE-2019-18808", "CVE-2019-9455", "CVE-2020-11668", "CVE-2020-10751", "CVE-2019-12614", "CVE-2019-19068", "CVE-2019-9458", "CVE-2020-11565", "CVE-2020-8649", "CVE-2019-16231", "CVE-2019-19447", "CVE-2019-19046", "CVE-2020-8647", "CVE-2020-10773", "CVE-2019-19543", "CVE-2019-15925", "CVE-2019-19537", "CVE-2020-12655", "CVE-2019-19056", "CVE-2019-19072", "CVE-2019-20054", "CVE-2019-15917"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:python3-perf", "cpe:/o:centos:centos:8::baseos", "cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "cpe:/a:centos:centos:8::powertools", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS8_RHSA-2020-4431.NASL", "href": "https://www.tenable.com/plugins/nessus/145806", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4431. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145806);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/03\");\n\n script_cve_id(\n \"CVE-2019-9455\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15917\",\n \"CVE-2019-15925\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-19046\",\n \"CVE-2019-19056\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19068\",\n \"CVE-2019-19072\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-19767\",\n \"CVE-2019-19770\",\n \"CVE-2019-20054\",\n \"CVE-2019-20636\",\n \"CVE-2020-0305\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10773\",\n \"CVE-2020-10774\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12465\",\n \"CVE-2020-12655\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14381\",\n \"CVE-2020-25641\"\n );\n script_bugtraq_id(108550);\n script_xref(name:\"RHSA\", value:\"2020:4431\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2020:4431)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4431 advisory.\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c\n causing denial of service (CVE-2019-12614)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c\n (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c\n allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in\n drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a\n DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a\n use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-\n dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer\n (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c\n and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure\n (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation\n (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features\n (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c\n (CVE-2020-12465)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data\n coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4431\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::powertools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2019-9455', 'CVE-2019-9458', 'CVE-2019-12614', 'CVE-2019-15917', 'CVE-2019-15925', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-18808', 'CVE-2019-18809', 'CVE-2019-19046', 'CVE-2019-19056', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19068', 'CVE-2019-19072', 'CVE-2019-19319', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19524', 'CVE-2019-19533', 'CVE-2019-19537', 'CVE-2019-19543', 'CVE-2019-19767', 'CVE-2019-19770', 'CVE-2019-20054', 'CVE-2019-20636', 'CVE-2020-0305', 'CVE-2020-8647', 'CVE-2020-8648', 'CVE-2020-8649', 'CVE-2020-10732', 'CVE-2020-10751', 'CVE-2020-10773', 'CVE-2020-10774', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-11668', 'CVE-2020-12465', 'CVE-2020-12655', 'CVE-2020-12659', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14381', 'CVE-2020-25641');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2020:4431');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-21T06:05:41", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4431 advisory.\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb- dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c (CVE-2020-12465)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 6.7, "vector": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-04T00:00:00", "title": "RHEL 8 : kernel (RHSA-2020:4431)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8648", "CVE-2020-12770", "CVE-2019-19533", "CVE-2020-25641", "CVE-2019-19770", "CVE-2019-19767", "CVE-2019-16233", "CVE-2020-12659", "CVE-2019-18809", "CVE-2020-12465", "CVE-2019-19332", "CVE-2020-12826", "CVE-2019-19524", "CVE-2020-10942", "CVE-2019-19062", "CVE-2019-20636", "CVE-2020-10732", "CVE-2019-19319", "CVE-2020-14381", "CVE-2020-0305", "CVE-2020-10774", "CVE-2019-19063", "CVE-2019-18808", "CVE-2019-9455", "CVE-2020-11668", "CVE-2020-10751", "CVE-2019-12614", "CVE-2019-19068", "CVE-2019-9458", "CVE-2020-11565", "CVE-2020-8649", "CVE-2019-16231", "CVE-2019-19447", "CVE-2019-19046", "CVE-2020-8647", "CVE-2020-10773", "CVE-2019-19543", "CVE-2019-15925", "CVE-2019-19537", "CVE-2020-12655", "CVE-2019-19056", "CVE-2019-19072", "CVE-2019-20054", "CVE-2019-15917"], "modified": "2020-11-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "cpe:/a:redhat:enterprise_linux:8::crb", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "cpe:/o:redhat:enterprise_linux:8::baseos", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2020-4431.NASL", "href": "https://www.tenable.com/plugins/nessus/142430", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4431. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142430);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2019-9455\",\n \"CVE-2019-9458\",\n \"CVE-2019-12614\",\n \"CVE-2019-15917\",\n \"CVE-2019-15925\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-19046\",\n \"CVE-2019-19056\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19068\",\n \"CVE-2019-19072\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-19767\",\n \"CVE-2019-19770\",\n \"CVE-2019-20054\",\n \"CVE-2019-20636\",\n \"CVE-2020-0305\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10773\",\n \"CVE-2020-10774\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12465\",\n \"CVE-2020-12655\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14381\",\n \"CVE-2020-25641\"\n );\n script_bugtraq_id(108550);\n script_xref(name:\"RHSA\", value:\"2020:4431\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:4431)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4431 advisory.\n\n - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614)\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb- dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c (CVE-2020-12465)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/94.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/349.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/362.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/401.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/626.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/805.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/835.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1718176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1784130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1839634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1874311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1881424\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 94, 119, 120, 200, 349, 362, 400, 401, 416, 476, 626, 772, 787, 805, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::crb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4431');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2019-9455', 'CVE-2019-9458', 'CVE-2019-12614', 'CVE-2019-15917', 'CVE-2019-15925', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-18808', 'CVE-2019-18809', 'CVE-2019-19046', 'CVE-2019-19056', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19068', 'CVE-2019-19072', 'CVE-2019-19319', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19524', 'CVE-2019-19533', 'CVE-2019-19537', 'CVE-2019-19543', 'CVE-2019-19767', 'CVE-2019-19770', 'CVE-2019-20054', 'CVE-2019-20636', 'CVE-2020-0305', 'CVE-2020-8647', 'CVE-2020-8648', 'CVE-2020-8649', 'CVE-2020-10732', 'CVE-2020-10751', 'CVE-2020-10773', 'CVE-2020-10774', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-11668', 'CVE-2020-12465', 'CVE-2020-12655', 'CVE-2020-12659', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14381', 'CVE-2020-25641');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:4431');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'bpftool-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-abi-whitelists-4.18.0-240.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-cross-headers-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-core-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-modules-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-modules-extra-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-tools-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-tools-libs-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-zfcpdump-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-zfcpdump-core-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-zfcpdump-devel-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-zfcpdump-modules-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']},\n {'reference':'python3-perf-4.18.0-240.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_baseos', 'enterprise_linux_8_crb']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-21T06:05:51", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4609 advisory.\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb- dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 6.7, "vector": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-04T00:00:00", "title": "RHEL 8 : kernel-rt (RHSA-2020:4609)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8648", "CVE-2020-12770", "CVE-2019-19533", "CVE-2020-25641", "CVE-2019-19770", "CVE-2019-19767", "CVE-2019-16233", "CVE-2020-12659", "CVE-2019-18809", "CVE-2019-19332", "CVE-2020-12826", "CVE-2019-19524", "CVE-2020-10942", "CVE-2019-19062", "CVE-2019-20636", "CVE-2020-10732", "CVE-2019-19319", "CVE-2020-14381", "CVE-2020-0305", "CVE-2020-10774", "CVE-2019-19063", "CVE-2019-18808", "CVE-2019-9455", "CVE-2020-11668", "CVE-2020-10751", "CVE-2019-19068", "CVE-2019-9458", "CVE-2020-11565", "CVE-2020-8649", "CVE-2019-16231", "CVE-2019-19447", "CVE-2019-19046", "CVE-2020-8647", "CVE-2019-19543", "CVE-2019-15925", "CVE-2019-19537", "CVE-2020-12655", "CVE-2019-19056", "CVE-2019-19072", "CVE-2019-20054", "CVE-2019-15917"], "modified": "2020-11-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "cpe:/a:redhat:enterprise_linux:8::realtime", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "cpe:/a:redhat:enterprise_linux:8::nfv", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules"], "id": "REDHAT-RHSA-2020-4609.NASL", "href": "https://www.tenable.com/plugins/nessus/142382", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4609. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142382);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2019-9455\",\n \"CVE-2019-9458\",\n \"CVE-2019-15917\",\n \"CVE-2019-15925\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-19046\",\n \"CVE-2019-19056\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19068\",\n \"CVE-2019-19072\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19524\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-19543\",\n \"CVE-2019-19767\",\n \"CVE-2019-19770\",\n \"CVE-2019-20054\",\n \"CVE-2019-20636\",\n \"CVE-2020-0305\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10774\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-11668\",\n \"CVE-2020-12655\",\n \"CVE-2020-12659\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-14381\",\n \"CVE-2020-25641\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4609\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2020:4609)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4609 advisory.\n\n - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)\n\n - kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)\n\n - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)\n\n - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)\n\n - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)\n\n - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)\n\n - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)\n\n - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)\n\n - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb- dec/ttusb_dec.c (CVE-2019-19533)\n\n - kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)\n\n - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)\n\n - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n - kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)\n\n - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n - kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\n - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/94.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/349.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/362.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/401.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/805.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/835.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1779594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1784130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1834845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1839634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1874311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1881424\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 94, 119, 200, 349, 362, 400, 401, 416, 476, 772, 787, 805, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::realtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4609');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2019-9455', 'CVE-2019-9458', 'CVE-2019-15917', 'CVE-2019-15925', 'CVE-2019-16231', 'CVE-2019-16233', 'CVE-2019-18808', 'CVE-2019-18809', 'CVE-2019-19046', 'CVE-2019-19056', 'CVE-2019-19062', 'CVE-2019-19063', 'CVE-2019-19068', 'CVE-2019-19072', 'CVE-2019-19319', 'CVE-2019-19332', 'CVE-2019-19447', 'CVE-2019-19524', 'CVE-2019-19533', 'CVE-2019-19537', 'CVE-2019-19543', 'CVE-2019-19767', 'CVE-2019-19770', 'CVE-2019-20054', 'CVE-2019-20636', 'CVE-2020-0305', 'CVE-2020-8647', 'CVE-2020-8648', 'CVE-2020-8649', 'CVE-2020-10732', 'CVE-2020-10751', 'CVE-2020-10774', 'CVE-2020-10942', 'CVE-2020-11565', 'CVE-2020-11668', 'CVE-2020-12655', 'CVE-2020-12659', 'CVE-2020-12770', 'CVE-2020-12826', 'CVE-2020-14381', 'CVE-2020-25641');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:4609');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-rt-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-core-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-debug-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-debug-core-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-debug-devel-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-debug-kvm-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-debug-modules-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-devel-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-kvm-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-modules-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']},\n {'reference':'kernel-rt-modules-extra-4.18.0-240.rt7.54.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_nfv', 'enterprise_linux_8_realtime']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T06:43:05", "description": "New kernel packages are available for Slackware 14.2 to fix security\nissues.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-27T00:00:00", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-086-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-5108", "CVE-2020-8648", "CVE-2020-9383", "CVE-2019-15217", "CVE-2019-16233", "CVE-2019-14901", "CVE-2019-14896", "CVE-2019-19965", "CVE-2020-0009", "CVE-2019-14615", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-14895", "CVE-2019-14897", "CVE-2019-19066", "CVE-2018-21008", "CVE-2019-19068", "CVE-2019-11487", "CVE-2020-8649", "CVE-2020-8647", "CVE-2020-2732", "CVE-2019-19056", "CVE-2019-16234"], "modified": "2020-03-27T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-huge"], "id": "SLACKWARE_SSA_2020-086-01.NASL", "href": "https://www.tenable.com/plugins/nessus/134971", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-086-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134971);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/31\");\n\n script_cve_id(\"CVE-2018-21008\", \"CVE-2019-11487\", \"CVE-2019-14615\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15217\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-16233\", \"CVE-2019-16234\", \"CVE-2019-19056\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-19965\", \"CVE-2019-5108\", \"CVE-2020-0009\", \"CVE-2020-2732\", \"CVE-2020-8647\", \"CVE-2020-8648\", \"CVE-2020-8649\", \"CVE-2020-9383\");\n script_xref(name:\"SSA\", value:\"2020-086-01\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-086-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kernel packages are available for Slackware 14.2 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.760705\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55cd09d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.217\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.217_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.217_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.217\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.217_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.217\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.217_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.217_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.217\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.217\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.217\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.217\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.217\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-18T11:04:11", "description": "Paulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An\nattacker could use this to expose sensitive information.\n(CVE-2020-2732)\n\nGregory Herrero discovered that the fix for CVE-2019-14615 to address\nthe Linux kernel not properly clearing data structures on context\nswitches for certain Intel graphics processors was incomplete. A local\nattacker could use this to expose sensitive information.\n(CVE-2020-8832)\n\nIt was discovered that the IPMI message handler implementation in the\nLinux kernel did not properly deallocate memory in certain situations.\nA local attacker could use this to cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19046)\n\nIt was discovered that the Intel WiMAX 2400 driver in the Linux kernel\ndid not properly deallocate memory in certain situations. A local\nattacker could use this to cause a denial of service (kernel memory\nexhaustion). (CVE-2019-19051)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to possibly cause a denial of service\n(kernel memory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux\nkernel device driver in the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could possibly\nuse this to cause a denial of service (kernel memory exhaustion).\n(CVE-2019-19058)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19068)\n\nIt was discovered that ZR364XX Camera USB device driver for the Linux\nkernel did not properly initialize memory. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15217).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.8, "vector": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2020-03-18T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4302-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8832", "CVE-2019-15217", "CVE-2019-19051", "CVE-2019-19058", "CVE-2019-14615", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19046", "CVE-2020-2732", "CVE-2019-19056"], "modified": "2020-03-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke", "cpe:/o:canonical:ubuntu_linux:14.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-4302-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4302-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134660);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-14615\", \"CVE-2019-15217\", \"CVE-2019-19046\", \"CVE-2019-19051\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2020-2732\", \"CVE-2020-8832\");\n script_xref(name:\"USN\", value:\"4302-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4302-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Paulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An\nattacker could use this to expose sensitive information.\n(CVE-2020-2732)\n\nGregory Herrero discovered that the fix for CVE-2019-14615 to address\nthe Linux kernel not properly clearing data structures on context\nswitches for certain Intel graphics processors was incomplete. A local\nattacker could use this to expose sensitive information.\n(CVE-2020-8832)\n\nIt was discovered that the IPMI message handler implementation in the\nLinux kernel did not properly deallocate memory in certain situations.\nA local attacker could use this to cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19046)\n\nIt was discovered that the Intel WiMAX 2400 driver in the Linux kernel\ndid not properly deallocate memory in certain situations. A local\nattacker could use this to cause a denial of service (kernel memory\nexhaustion). (CVE-2019-19051)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to possibly cause a denial of service\n(kernel memory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux\nkernel device driver in the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could possibly\nuse this to cause a denial of service (kernel memory exhaustion).\n(CVE-2019-19058)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19068)\n\nIt was discovered that ZR364XX Camera USB device driver for the Linux\nkernel did not properly initialize memory. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15217).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4302-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2732\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14615\", \"CVE-2019-15217\", \"CVE-2019-19046\", \"CVE-2019-19051\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2020-2732\", \"CVE-2020-8832\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4302-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1035-oracle\", pkgver:\"4.15.0-1035.38~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1058-gcp\", pkgver:\"4.15.0-1058.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1063-aws\", pkgver:\"4.15.0-1063.67~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1075-azure\", pkgver:\"4.15.0-1075.80\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-91-generic\", pkgver:\"4.15.0-91.92~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-91-generic-lpae\", pkgver:\"4.15.0-91.92~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-91-lowlatency\", pkgver:\"4.15.0-91.92~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1063.63\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1075.78\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1058.72\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.91.101\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.91.101\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1058.72\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.91.101\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.91.101\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1035.28\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.91.101\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1035-oracle\", pkgver:\"4.15.0-1035.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1055-gke\", pkgver:\"4.15.0-1055.58\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1056-kvm\", pkgver:\"4.15.0-1056.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1057-raspi2\", pkgver:\"4.15.0-1057.61\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1063-aws\", pkgver:\"4.15.0-1063.67\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1074-snapdragon\", pkgver:\"4.15.0-1074.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1076-oem\", pkgver:\"4.15.0-1076.86\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-91-generic\", pkgver:\"4.15.0-91.92\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-91-generic-lpae\", pkgver:\"4.15.0-91.92\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-91-lowlatency\", pkgver:\"4.15.0-91.92\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1063.64\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws-lts-18.04\", pkgver:\"4.15.0.1063.64\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.91.83\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.91.83\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1055.59\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-4.15\", pkgver:\"4.15.0.1055.59\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1056.56\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.91.83\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1076.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle-lts-18.04\", pkgver:\"4.15.0.1035.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1057.55\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.1074.77\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.91.83\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-09-18T11:04:08", "description": "It was discovered that the KVM implementation in the Linux kernel,\nwhen paravirtual TLB flushes are enabled in guests, the hypervisor in\nsome situations could miss deferred TLB flushes or otherwise mishandle\nthem. An attacker in a guest VM could use this to expose sensitive\ninformation (read memory from another guest VM). (CVE-2019-3016)\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An\nattacker could use this to expose sensitive information.\n(CVE-2020-2732)\n\nIt was discovered that the Afatech AF9005 DVB-T USB device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-18809)\n\nIt was discovered that the Intel XL710 Ethernet Controller device\ndriver in the Linux kernel did not properly deallocate memory in\ncertain error conditions. A local attacker could possibly use this to\ncause a denial of service (kernel memory exhaustion). (CVE-2019-19043)\n\nIt was discovered that the RPMSG character device interface in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19053)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to possibly cause a denial of service\n(kernel memory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux\nkernel device driver in the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could possibly\nuse this to cause a denial of service (kernel memory exhaustion).\n(CVE-2019-19058, CVE-2019-19059)\n\nIt was discovered that the Serial Peripheral Interface (SPI) driver in\nthe Linux kernel device driver in the Linux kernel did not properly\ndeallocate memory in certain error conditions. A local attacker could\npossibly use this to cause a denial of service (kernel memory\nexhaustion). (CVE-2019-19064)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19068).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.8, "vector": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2020-03-18T00:00:00", "title": "Ubuntu 18.04 LTS / 19.10 : Linux kernel vulnerabilities (USN-4300-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18809", "CVE-2019-19058", "CVE-2019-19053", "CVE-2019-3016", "CVE-2019-19064", "CVE-2019-19059", "CVE-2019-19043", "CVE-2019-19066", "CVE-2019-19068", "CVE-2020-2732", "CVE-2019-19056"], "modified": "2020-03-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:19.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-4300-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134658", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4300-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134658);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-18809\", \"CVE-2019-19043\", \"CVE-2019-19053\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19064\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-3016\", \"CVE-2020-2732\");\n script_xref(name:\"USN\", value:\"4300-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.10 : Linux kernel vulnerabilities (USN-4300-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the KVM implementation in the Linux kernel,\nwhen paravirtual TLB flushes are enabled in guests, the hypervisor in\nsome situations could miss deferred TLB flushes or otherwise mishandle\nthem. An attacker in a guest VM could use this to expose sensitive\ninformation (read memory from another guest VM). (CVE-2019-3016)\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An\nattacker could use this to expose sensitive information.\n(CVE-2020-2732)\n\nIt was discovered that the Afatech AF9005 DVB-T USB device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-18809)\n\nIt was discovered that the Intel XL710 Ethernet Controller device\ndriver in the Linux kernel did not properly deallocate memory in\ncertain error conditions. A local attacker could possibly use this to\ncause a denial of service (kernel memory exhaustion). (CVE-2019-19043)\n\nIt was discovered that the RPMSG character device interface in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19053)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to possibly cause a denial of service\n(kernel memory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux\nkernel device driver in the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could possibly\nuse this to cause a denial of service (kernel memory exhaustion).\n(CVE-2019-19058, CVE-2019-19059)\n\nIt was discovered that the Serial Peripheral Interface (SPI) driver in\nthe Linux kernel device driver in the Linux kernel did not properly\ndeallocate memory in certain error conditions. A local attacker could\npossibly use this to cause a denial of service (kernel memory\nexhaustion). (CVE-2019-19064)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19068).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4300-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2732\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-18809\", \"CVE-2019-19043\", \"CVE-2019-19053\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19064\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-3016\", \"CVE-2020-2732\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4300-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1014-gcp\", pkgver:\"5.3.0-1014.15~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1014-gke\", pkgver:\"5.3.0-1014.15~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1016-azure\", pkgver:\"5.3.0-1016.17~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1019-raspi2\", pkgver:\"5.3.0-1019.21~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-42-generic\", pkgver:\"5.3.0-42.34~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-42-generic-lpae\", pkgver:\"5.3.0-42.34~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-42-lowlatency\", pkgver:\"5.3.0-42.34~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure-edge\", pkgver:\"5.3.0.1016.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp-edge\", pkgver:\"5.3.0.1014.13\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-hwe-18.04\", pkgver:\"5.3.0.42.99\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae-hwe-18.04\", pkgver:\"5.3.0.42.99\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.3\", pkgver:\"5.3.0.1014.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency-hwe-18.04\", pkgver:\"5.3.0.42.99\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2-hwe-18.04\", pkgver:\"5.3.0.1019.8\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon-hwe-18.04\", pkgver:\"5.3.0.42.99\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual-hwe-18.04\", pkgver:\"5.3.0.42.99\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1011-oracle\", pkgver:\"5.3.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1012-kvm\", pkgver:\"5.3.0-1012.13\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1013-aws\", pkgver:\"5.3.0-1013.14\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1014-gcp\", pkgver:\"5.3.0-1014.15\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1016-azure\", pkgver:\"5.3.0-1016.17\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1019-raspi2\", pkgver:\"5.3.0-1019.21\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-42-generic\", pkgver:\"5.3.0-42.34\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-42-generic-lpae\", pkgver:\"5.3.0-42.34\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-42-lowlatency\", pkgver:\"5.3.0-42.34\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-42-snapdragon\", pkgver:\"5.3.0-42.34\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-aws\", pkgver:\"5.3.0.1013.15\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-azure\", pkgver:\"5.3.0.1016.35\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-gcp\", pkgver:\"5.3.0.1014.15\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-generic\", pkgver:\"5.3.0.42.36\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.3.0.42.36\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-gke\", pkgver:\"5.3.0.1014.15\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-kvm\", pkgver:\"5.3.0.1012.14\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.3.0.42.36\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-oracle\", pkgver:\"5.3.0.1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-raspi2\", pkgver:\"5.3.0.1019.16\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.3.0.42.36\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-virtual\", pkgver:\"5.3.0.42.36\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.3-aws / linux-image-5.3-azure / linux-image-5.3-gcp / etc\");\n}\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-09-18T11:04:10", "description": "It was discovered that the KVM implementation in the Linux kernel,\nwhen paravirtual TLB flushes are enabled in guests, the hypervisor in\nsome situations could miss deferred TLB flushes or otherwise mishandle\nthem. An attacker in a guest VM could use this to expose sensitive\ninformation (read memory from another guest VM). (CVE-2019-3016)\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An\nattacker could use this to expose sensitive information.\n(CVE-2020-2732)\n\nIt was discovered that the RPMSG character device interface in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19053)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to possibly cause a denial of service\n(kernel memory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux\nkernel device driver in the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could possibly\nuse this to cause a denial of service (kernel memory exhaustion).\n(CVE-2019-19058, CVE-2019-19059)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19068).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.8, "vector": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2020-03-18T00:00:00", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4301-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19058", "CVE-2019-19053", "CVE-2019-3016", "CVE-2019-19059", "CVE-2019-19066", "CVE-2019-19068", "CVE-2020-2732", "CVE-2019-19056"], "modified": "2020-03-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure"], "id": "UBUNTU_USN-4301-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134659", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4301-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134659);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-19053\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-3016\", \"CVE-2020-2732\");\n script_xref(name:\"USN\", value:\"4301-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4301-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the KVM implementation in the Linux kernel,\nwhen paravirtual TLB flushes are enabled in guests, the hypervisor in\nsome situations could miss deferred TLB flushes or otherwise mishandle\nthem. An attacker in a guest VM could use this to expose sensitive\ninformation (read memory from another guest VM). (CVE-2019-3016)\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An\nattacker could use this to expose sensitive information.\n(CVE-2020-2732)\n\nIt was discovered that the RPMSG character device interface in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19053)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to possibly cause a denial of service\n(kernel memory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux\nkernel device driver in the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could possibly\nuse this to cause a denial of service (kernel memory exhaustion).\n(CVE-2019-19058, CVE-2019-19059)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial\nof service (kernel memory exhaustion). (CVE-2019-19068).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4301-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2732\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-19053\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-3016\", \"CVE-2020-2732\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4301-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1013-oracle\", pkgver:\"5.0.0-1013.18\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1027-aws\", pkgver:\"5.0.0-1027.30\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1032-gke\", pkgver:\"5.0.0-1032.33\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1033-gcp\", pkgver:\"5.0.0-1033.34\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1035-azure\", pkgver:\"5.0.0-1035.37\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1043-oem-osp1\", pkgver:\"5.0.0-1043.48\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws-edge\", pkgver:\"5.0.0.1027.41\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1035.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1033.37\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.0\", pkgver:\"5.0.0.1032.20\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem-osp1\", pkgver:\"5.0.0.1043.48\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"5.0.0.1013.13\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc\");\n}\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-06-15T15:40:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19054", "CVE-2020-10711", "CVE-2020-12888", "CVE-2020-11884", "CVE-2019-18809", "CVE-2019-19057", "CVE-2019-18811", "CVE-2019-14901", "CVE-2019-19058", "CVE-2019-0155", "CVE-2019-14896", "CVE-2019-19062", "CVE-2019-19053", "CVE-2019-19064", "CVE-2018-12207", "CVE-2019-19082", "CVE-2020-8835", "CVE-2019-19059", "CVE-2019-19078", "CVE-2019-11135", "CVE-2019-18812", "CVE-2019-19055", "CVE-2019-19043", "CVE-2019-19769", "CVE-2019-19063", "CVE-2019-18808", "CVE-2019-14895", "CVE-2019-14897", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19050", "CVE-2019-19071", "CVE-2019-0154", "CVE-2020-10757", "CVE-2019-19073", "CVE-2019-19077", "CVE-2019-19070", "CVE-2019-19046", "CVE-2019-16232", "CVE-2019-19074", "CVE-2020-2732", "CVE-2020-12655", "CVE-2019-19056", "CVE-2019-19072"], "description": "The remote host is missing an update for the ", "modified": "2020-06-12T00:00:00", "published": "2020-06-12T00:00:00", "id": "OPENVAS:1361412562310877952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877952", "type": "openvas", "title": "Fedora: Security Advisory for kernel (FEDORA-2020-203ffedeb5)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877952\");\n script_version(\"2020-06-12T07:11:22+0000\");\n script_cve_id(\"CVE-2020-10757\", \"CVE-2020-12888\", \"CVE-2020-12655\", \"CVE-2020-10711\", \"CVE-2020-11884\", \"CVE-2020-8835\", \"CVE-2019-19769\", \"CVE-2020-2732\", \"CVE-2019-18808\", \"CVE-2019-18809\", \"CVE-2019-18811\", \"CVE-2019-18812\", \"CVE-2019-16232\", \"CVE-2019-19082\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-19078\", \"CVE-2019-19077\", \"CVE-2019-19074\", \"CVE-2019-19073\", \"CVE-2019-19072\", \"CVE-2019-19071\", \"CVE-2019-19070\", \"CVE-2019-19068\", \"CVE-2019-19043\", \"CVE-2019-19066\", \"CVE-2019-19046\", \"CVE-2019-19050\", \"CVE-2019-19062\", \"CVE-2019-19064\", \"CVE-2019-19063\", \"CVE-2019-19059\", \"CVE-2019-19058\", \"CVE-2019-19057\", \"CVE-2019-19053\", \"CVE-2019-19056\", \"CVE-2019-19055\", \"CVE-2019-19054\", \"CVE-2019-11135\", \"CVE-2018-12207\", \"CVE-2019-0154\", \"CVE-2019-0155\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-12 07:11:22 +0000 (Fri, 12 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-12 03:09:59 +0000 (Fri, 12 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for kernel (FEDORA-2020-203ffedeb5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-203ffedeb5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2020-203ffedeb5 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.6.16~200.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-23T15:01:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18809", "CVE-2019-19058", "CVE-2019-19053", "CVE-2019-3016", "CVE-2019-19064", "CVE-2019-19059", "CVE-2019-19043", "CVE-2019-19066", "CVE-2019-19068", "CVE-2020-2732", "CVE-2019-19056"], "description": "The remote host is missing an update for the ", "modified": "2020-03-20T00:00:00", "published": "2020-03-17T00:00:00", "id": "OPENVAS:1361412562310844362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844362", "type": "openvas", "title": "Ubuntu: Security Advisory for linux (USN-4300-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844362\");\n script_version(\"2020-03-20T06:19:59+0000\");\n script_cve_id(\"CVE-2019-3016\", \"CVE-2020-2732\", \"CVE-2019-18809\", \"CVE-2019-19043\", \"CVE-2019-19053\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19064\", \"CVE-2019-19066\", \"CVE-2019-19068\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-20 06:19:59 +0000 (Fri, 20 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-17 04:00:20 +0000 (Tue, 17 Mar 2020)\");\n script_name(\"Ubuntu: Security Advisory for linux (USN-4300-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4300-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-March/005356.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4300-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the KVM implementation in the Linux kernel, when\nparavirtual TLB flushes are enabled in guests, the hypervisor in some\nsituations could miss deferred TLB flushes or otherwise mishandle them. An\nattacker in a guest VM could use this to expose sensitive information (read\nmemory from another guest VM). (CVE-2019-3016)\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An attacker\ncould use this to expose sensitive information. (CVE-2020-2732)\n\nIt was discovered that the Afatech AF9005 DVB-T USB device driver in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-18809)\n\nIt was discovered that the Intel(R) XL710 Ethernet Controller device driver\nin the Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-19043)\n\nIt was discovered that the RPMSG character device interface in the Linux\nkernel did not properly deallocate memory in certain error conditions. A\nlocal attacker could possibly use this to cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19053)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux kernel\ndid not properly deallocate memory in certain error conditions. A local\nattacker could use this to possibly cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel\ndevice driver in the Linux kernel did not properly deallocate memory in\ncertain error conditions. A local attacker could possibly use this to cause\na denial of service (kernel memory exhaustion). (CVE-2019-19058,\nCVE-2019-19059)\n\nIt was discovered that the Serial Peripheral Interface (SPI) driver in the\nLinux kernel device driver in the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could possibly use\nthis to cause a denial of service (kernel memory exhaustion).\n(CVE-2019-19064)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in t ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1011-oracle\", ver:\"5.3.0-1011.12\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1012-kvm\", ver:\"5.3.0-1012.13\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1013-aws\", ver:\"5.3.0-1013.14\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1014-gcp\", ver:\"5.3.0-1014.15\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1019-raspi2\", ver:\"5.3.0-1019.21\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-42-generic\", ver:\"5.3.0-42.34\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-42-generic-lpae\", ver:\"5.3.0-42.34\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-42-lowlatency\", ver:\"5.3.0-42.34\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-42-snapdragon\", ver:\"5.3.0-42.34\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"5.3.0.1013.15\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"5.3.0.1014.15\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"5.3.0.42.36\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"5.3.0.42.36\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"5.3.0.1014.15\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"5.3.0.1012.14\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"5.3.0.42.36\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"5.3.0.1011.12\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"5.3.0.1019.16\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"5.3.0.42.36\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"5.3.0.42.36\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1014-gcp\", ver:\"5.3.0-1014.15~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1014-gke\", ver:\"5.3.0-1014.15~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1019-raspi2\", ver:\"5.3.0-1019.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-42-generic\", ver:\"5.3.0-42.34~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-42-generic-lpae\", ver:\"5.3.0-42.34~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-42-lowlatency\", ver:\"5.3.0-42.34~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp-edge\", ver:\"5.3.0.1014.13\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-18.04\", ver:\"5.3.0.42.99\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-18.04\", ver:\"5.3.0.42.99\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke-5.3\", ver:\"5.3.0.1014.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-18.04\", ver:\"5.3.0.42.99\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2-hwe-18.04\", ver:\"5.3.0.1019.8\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon-hwe-18.04\", ver:\"5.3.0.42.99\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-18.04\", ver:\"5.3.0.42.99\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-08T17:12:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8832", "CVE-2019-15217", "CVE-2019-19051", "CVE-2019-19058", "CVE-2019-14615", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19046", "CVE-2020-2732", "CVE-2019-19056"], "description": "The remote host is missing an update for the ", "modified": "2020-05-07T00:00:00", "published": "2020-03-17T00:00:00", "id": "OPENVAS:1361412562310844364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844364", "type": "openvas", "title": "Ubuntu: Security Advisory for linux (USN-4302-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844364\");\n script_version(\"2020-05-07T08:41:48+0000\");\n script_cve_id(\"CVE-2020-2732\", \"CVE-2019-14615\", \"CVE-2020-8832\", \"CVE-2019-19046\", \"CVE-2019-19051\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-15217\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 08:41:48 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-17 04:00:29 +0000 (Tue, 17 Mar 2020)\");\n script_name(\"Ubuntu: Security Advisory for linux (USN-4302-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4302-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-March/005358.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4302-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Paulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An attacker\ncould use this to expose sensitive information. (CVE-2020-2732)\n\nGregory Herrero discovered that the fix for CVE-2019-14615 to address the\nLinux kernel not properly clearing data structures on context switches for\ncertain Intel graphics processors was incomplete. A local attacker could\nuse this to expose sensitive information. (CVE-2020-8832)\n\nIt was discovered that the IPMI message handler implementation in the Linux\nkernel did not properly deallocate memory in certain situations. A local\nattacker could use this to cause a denial of service (kernel memory\nexhaustion). (CVE-2019-19046)\n\nIt was discovered that the Intel WiMAX 2400 driver in the Linux kernel did\nnot properly deallocate memory in certain situations. A local attacker\ncould use this to cause a denial of service (kernel memory exhaustion).\n(CVE-2019-19051)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux kernel\ndid not properly deallocate memory in certain error conditions. A local\nattacker could use this to possibly cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel\ndevice driver in the Linux kernel did not properly deallocate memory in\ncertain error conditions. A local attacker could possibly use this to cause\na denial of service (kernel memory exhaustion). (CVE-2019-19058)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-19068)\n\nIt was discovered that ZR364XX Camera USB device driver for the Linux\nkernel did not properly initialize memory. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-15217)\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1055-gke\", ver:\"4.15.0-1055.58\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1056-kvm\", ver:\"4.15.0-1056.57\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1057-raspi2\", ver:\"4.15.0-1057.61\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1063-aws\", ver:\"4.15.0-1063.67\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1074-snapdragon\", ver:\"4.15.0-1074.81\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-91-generic\", ver:\"4.15.0-91.92\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-91-generic-lpae\", ver:\"4.15.0-91.92\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-91-lowlatency\", ver:\"4.15.0-91.92\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1063.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws-lts-18.04\", ver:\"4.15.0.1063.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.91.83\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.91.83\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1055.59\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke-4.15\", ver:\"4.15.0.1055.59\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1056.56\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.91.83\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.15.0.91.83\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.15.0.91.83\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.15.0.91.83\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.15.0.91.83\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1057.55\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.1074.77\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.15.0.91.83\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1058-gcp\", ver:\"4.15.0-1058.62\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1063-aws\", ver:\"4.15.0-1063.67~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-91-generic\", ver:\"4.15.0-91.92~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-91-generic-lpae\", ver:\"4.15.0-91.92~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-91-lowlatency\", ver:\"4.15.0-91.92~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws-hwe\", ver:\"4.15.0.1063.63\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1058.72\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.91.101\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.91.101\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1058.72\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.91.101\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.91.101\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-16.04\", ver:\"4.15.0.91.101\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-03-23T15:01:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19058", "CVE-2019-19053", "CVE-2019-3016", "CVE-2019-19059", "CVE-2019-19066", "CVE-2019-19068", "CVE-2020-2732", "CVE-2019-19056"], "description": "The remote host is missing an update for the ", "modified": "2020-03-20T00:00:00", "published": "2020-03-17T00:00:00", "id": "OPENVAS:1361412562310844365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844365", "type": "openvas", "title": "Ubuntu: Security Advisory for linux-aws-5.0 (USN-4301-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844365\");\n script_version(\"2020-03-20T06:19:59+0000\");\n script_cve_id(\"CVE-2019-3016\", \"CVE-2020-2732\", \"CVE-2019-19053\", \"CVE-2019-19056\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19066\", \"CVE-2019-19068\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-20 06:19:59 +0000 (Fri, 20 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-17 04:00:44 +0000 (Tue, 17 Mar 2020)\");\n script_name(\"Ubuntu: Security Advisory for linux-aws-5.0 (USN-4301-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4301-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-March/005357.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws-5.0'\n package(s) announced via the USN-4301-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the KVM implementation in the Linux kernel, when\nparavirtual TLB flushes are enabled in guests, the hypervisor in some\nsituations could miss deferred TLB flushes or otherwise mishandle them. An\nattacker in a guest VM could use this to expose sensitive information (read\nmemory from another guest VM). (CVE-2019-3016)\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the\nLinux kernel could improperly let a nested (level 2) guest access the\nresources of a parent (level 1) guest in certain situations. An attacker\ncould use this to expose sensitive information. (CVE-2020-2732)\n\nIt was discovered that the RPMSG character device interface in the Linux\nkernel did not properly deallocate memory in certain error conditions. A\nlocal attacker could possibly use this to cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19053)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux kernel\ndid not properly deallocate memory in certain error conditions. A local\nattacker could use this to possibly cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel\ndevice driver in the Linux kernel did not properly deallocate memory in\ncertain error conditions. A local attacker could possibly use this to cause\na denial of service (kernel memory exhaustion). (CVE-2019-19058,\nCVE-2019-19059)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-19068)\");\n\n script_tag(name:\"affected\", value:\"'linux-aws-5.0' package(s) on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1013-oracle\", ver:\"5.0.0-1013.18\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1027-aws\", ver:\"5.0.0-1027.30\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1032-gke\", ver:\"5.0.0-1032.33\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1033-gcp\", ver:\"5.0.0-1033.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws-edge\", ver:\"5.0.0.1027.41\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"5.0.0.1033.37\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke-5.0\", ver:\"5.0.0.1032.20\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"5.0.0.1013.13\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-14895", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-14901", "CVE-2019-16232", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-18811", "CVE-2019-18812", "CVE-2019-19043", "CVE-2019-19046", "CVE-2019-19050", "CVE-2019-19053", "CVE-2019-19054", "CVE-2019-19055", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19064", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19070", "CVE-2019-19071", "CVE-2019-19072", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19077", "CVE-2019-19078", "CVE-2019-19082", "CVE-2019-19769", "CVE-2020-10711", "CVE-2020-10757", "CVE-2020-11884", "CVE-2020-12655", "CVE-2020-12888", "CVE-2020-2732", "CVE-2020-8835"], "description": "The kernel meta package ", "modified": "2020-06-11T19:00:32", "published": "2020-06-11T19:00:32", "id": "FEDORA:803AE30C6416", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: kernel-5.6.16-200.fc31", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2020-05-06T02:42:13", "bulletinFamily": "software", "cvelist": ["CVE-2020-8832", "CVE-2019-15217", "CVE-2019-19051", "CVE-2019-19058", "CVE-2019-14615", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19046", "CVE-2020-2732", "CVE-2019-19056"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732)\n\nGregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information. (CVE-2020-8832)\n\nIt was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046)\n\nIt was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel\u00ae Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068)\n\nIt was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217)\n\nCVEs contained in this USN include: CVE-2019-15217, CVE-2019-19051, CVE-2019-19056, CVE-2019-19066, CVE-2019-19068, CVE-2019-19058, CVE-2020-2732, CVE-2019-19046, CVE-2020-8832.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Xenial Stemcells \n * 97.x versions prior to 97.239\n * 170.x versions prior to 170.210\n * 250.x versions prior to 250.189\n * 315.x versions prior to 315.175\n * 456.x versions prior to 456.104\n * 621.x versions prior to 621.64\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 97.x versions to 97.239 or greater\n * Upgrade 170.x versions to 170.210 or greater\n * Upgrade 250.x versions to 250.189 or greater\n * Upgrade 315.x versions to 315.175 or greater\n * Upgrade 456.x versions to 456.104 or greater\n * Upgrade 621.x versions to 621.64 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4302-1/>)\n * [CVE-2019-15217](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217>)\n * [CVE-2019-19051](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051>)\n * [CVE-2019-19056](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056>)\n * [CVE-2019-19066](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066>)\n * [CVE-2019-19068](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068>)\n * [CVE-2019-19058](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19058>)\n * [CVE-2020-2732](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2732>)\n * [CVE-2019-19046](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19046>)\n * [CVE-2020-8832](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8832>)\n\n## History\n\n2020-03-17: Initial vulnerability report published.\n", "edition": 2, "modified": "2020-04-23T00:00:00", "published": "2020-04-23T00:00:00", "id": "CFOUNDRY:A6BB54E614972BC1F16419D7DB82331A", "href": "https://www.cloudfoundry.org/blog/usn-4302-1/", "title": "USN-4302-1: Linux kernel vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-21008", "CVE-2019-11487", "CVE-2019-14615", "CVE-2019-14895", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-14901", "CVE-2019-15217", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-19056", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19965", "CVE-2019-5108", "CVE-2020-0009", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2020-9383"], "description": "New kernel packages are available for Slackware 14.2 to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/linux-4.4.217/*: Upgraded.\n These updates fix various bugs and security issues.\n Be sure to upgrade your initrd after upgrading the kernel packages.\n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader.\n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition.\n For more information, see:\n Fixed in 4.4.209:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19965\n Fixed in 4.4.210:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19068\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14615\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14895\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19056\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19066\n Fixed in 4.4.211:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15217\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21008\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15220\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15221\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5108\n Fixed in 4.4.212:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14896\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14897\n Fixed in 4.4.215:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9383\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16233\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0009\n Fixed in 4.4.216:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11487\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8647\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8649\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16234\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8648\n Fixed in 4.4.217:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14901\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.217/kernel-generic-4.4.217-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.217/kernel-generic-smp-4.4.217_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.217/kernel-headers-4.4.217_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.217/kernel-huge-4.4.217-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.217/kernel-huge-smp-4.4.217_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.217/kernel-modules-4.4.217-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.217/kernel-modules-smp-4.4.217_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.217/kernel-source-4.4.217_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.217/kernel-generic-4.4.217-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.217/kernel-headers-4.4.217-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.217/kernel-huge-4.4.217-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.217/kernel-modules-4.4.217-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.217/kernel-source-4.4.217-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 packages:\na583999ff4d5aaf717389329af0bfebf kernel-generic-4.4.217-i586-1.txz\naa41f8b6cb7ca06779e11a803fd06881 kernel-generic-smp-4.4.217_smp-i686-1.txz\nec98d6aa32743124ed317edfd9b5751d kernel-headers-4.4.217_smp-x86-1.txz\n426ffbbd44d3ab47779518713079cbc2 kernel-huge-4.4.217-i586-1.txz\nf0b0c550771cdb9904e8a81e18e1c3a5 kernel-huge-smp-4.4.217_smp-i686-1.txz\n17580fde3d753faec92c69d9b1b296b3 kernel-modules-4.4.217-i586-1.txz\n35b06ec07cbc246f7e439c6ffc8b8146 kernel-modules-smp-4.4.217_smp-i686-1.txz\naa3b2bdf35fa4c2202a03910d2c53d8d kernel-source-4.4.217_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\nef37a3afd3ad459a0714624b32f670a2 kernel-generic-4.4.217-x86_64-1.txz\nde239ba97ad7fd3d3487038bc8bf10a5 kernel-headers-4.4.217-x86-1.txz\n2ad3dca1aeff8429de2c03bd28afdd7d kernel-huge-4.4.217-x86_64-1.txz\nea75c40c4a486b3f25de482cae24e87c kernel-modules-4.4.217-x86_64-1.txz\n933366ccd2ba028a03bed87cbeea3ac5 kernel-source-4.4.217-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg kernel-*.txz\n\nIf you are using an initrd, you'll need to rebuild it.\n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.217-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.217 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren't sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.217-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.217 as the version.\n\nIf you are using lilo or elilo to boot the machine, you'll need to ensure\nthat the machine is properly prepared before rebooting.\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou'll need to run \"lilo\" as root to reinstall the boot loader.\n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition.", "modified": "2020-03-26T23:13:28", "published": "2020-03-26T23:13:28", "id": "SSA-2020-086-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.760705", "type": "slackware", "title": "[slackware-security] Slackware 14.2 kernel", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-18T01:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2019-18809", "CVE-2019-19058", "CVE-2019-19053", "CVE-2019-3016", "CVE-2019-19064", "CVE-2019-19059", "CVE-2019-19043", "CVE-2019-19066", "CVE-2019-19068", "CVE-2020-2732", "CVE-2019-19056"], "description": "It was discovered that the KVM implementation in the Linux kernel, when \nparavirtual TLB flushes are enabled in guests, the hypervisor in some \nsituations could miss deferred TLB flushes or otherwise mishandle them. An \nattacker in a guest VM could use this to expose sensitive information (read \nmemory from another guest VM). (CVE-2019-3016)\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the \nLinux kernel could improperly let a nested (level 2) guest access the \nresources of a parent (level 1) guest in certain situations. An attacker \ncould use this to expose sensitive information. (CVE-2020-2732)\n\nIt was discovered that the Afatech AF9005 DVB-T USB device driver in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could possibly use this to cause a denial of \nservice (kernel memory exhaustion). (CVE-2019-18809)\n\nIt was discovered that the Intel(R) XL710 Ethernet Controller device driver \nin the Linux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could possibly use this to cause a denial of \nservice (kernel memory exhaustion). (CVE-2019-19043)\n\nIt was discovered that the RPMSG character device interface in the Linux \nkernel did not properly deallocate memory in certain error conditions. A \nlocal attacker could possibly use this to cause a denial of service (kernel \nmemory exhaustion). (CVE-2019-19053)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattacker could use this to possibly cause a denial of service (kernel \nmemory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel \ndevice driver in the Linux kernel did not properly deallocate memory in \ncertain error conditions. A local attacker could possibly use this to cause \na denial of service (kernel memory exhaustion). (CVE-2019-19058, \nCVE-2019-19059)\n\nIt was discovered that the Serial Peripheral Interface (SPI) driver in the \nLinux kernel device driver in the Linux kernel did not properly deallocate \nmemory in certain error conditions. A local attacker could possibly use \nthis to cause a denial of service (kernel memory exhaustion). \n(CVE-2019-19064)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could possibly use this to cause a denial of \nservice (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could possibly use this to cause a denial of \nservice (kernel memory exhaustion). (CVE-2019-19068)", "edition": 4, "modified": "2020-03-25T00:00:00", "published": "2020-03-25T00:00:00", "id": "USN-4300-1", "href": "https://ubuntu.com/security/notices/USN-4300-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-15T01:32:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19058", "CVE-2019-19053", "CVE-2019-3016", "CVE-2019-19059", "CVE-2019-19066", "CVE-2019-19068", "CVE-2020-2732", "CVE-2019-19056"], "description": "It was discovered that the KVM implementation in the Linux kernel, when \nparavirtual TLB flushes are enabled in guests, the hypervisor in some \nsituations could miss deferred TLB flushes or otherwise mishandle them. An \nattacker in a guest VM could use this to expose sensitive information (read \nmemory from another guest VM). (CVE-2019-3016)\n\nPaulo Bonzini discovered that the KVM hypervisor implementation in the \nLinux kernel could improperly let a nested (level 2) guest access the \nresources of a parent (level 1) guest in certain situations. An attacker \ncould use this to expose sensitive information. (CVE-2020-2732)\n\nIt was discovered that the RPMSG character device interface in the Linux \nkernel did not properly deallocate memory in certain error conditions. A \nlocal attacker could possibly use this to cause a denial of service (kernel \nmemory exhaustion). (CVE-2019-19053)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattacker could use this to possibly cause a denial of service (kernel \nmemory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel \ndevice driver in the Linux kernel did not properly deallocate memory in \ncertain error conditions. A local attacker could possibly use this to cause \na denial of service (kernel memory exhaustion). (CVE-2019-19058, \nCVE-2019-19059)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could possibly use this to cause a denial of \nservice (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could possibly use this to cause a denial of \nservice (kernel memory exhaustion). (CVE-2019-19068)", "edition": 5, "modified": "2020-03-25T00:00:00", "published": "2020-03-25T00:00:00", "id": "USN-4301-1", "href": "https://ubuntu.com/security/notices/USN-4301-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-18T01:32:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8832", "CVE-2019-15217", "CVE-2019-19051", "CVE-2019-19058", "CVE-2019-14615", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19046", "CVE-2020-2732", "CVE-2019-19056"], "description": "Paulo Bonzini discovered that the KVM hypervisor implementation in the \nLinux kernel could improperly let a nested (level 2) guest access the \nresources of a parent (level 1) guest in certain situations. An attacker \ncould use this to expose sensitive information. (CVE-2020-2732)\n\nGregory Herrero discovered that the fix for CVE-2019-14615 to address the \nLinux kernel not properly clearing data structures on context switches for \ncertain Intel graphics processors was incomplete. A local attacker could \nuse this to expose sensitive information. (CVE-2020-8832)\n\nIt was discovered that the IPMI message handler implementation in the Linux \nkernel did not properly deallocate memory in certain situations. A local \nattacker could use this to cause a denial of service (kernel memory \nexhaustion). (CVE-2019-19046)\n\nIt was discovered that the Intel WiMAX 2400 driver in the Linux kernel did \nnot properly deallocate memory in certain situations. A local attacker \ncould use this to cause a denial of service (kernel memory exhaustion). \n(CVE-2019-19051)\n\nIt was discovered that the Marvell Wi-Fi device driver in the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattacker could use this to possibly cause a denial of service (kernel \nmemory exhaustion). (CVE-2019-19056)\n\nIt was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel \ndevice driver in the Linux kernel did not properly deallocate memory in \ncertain error conditions. A local attacker could possibly use this to cause \na denial of service (kernel memory exhaustion). (CVE-2019-19058)\n\nIt was discovered that the Brocade BFA Fibre Channel device driver in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could possibly use this to cause a denial of \nservice (kernel memory exhaustion). (CVE-2019-19066)\n\nIt was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could possibly use this to cause a denial of \nservice (kernel memory exhaustion). (CVE-2019-19068)\n\nIt was discovered that ZR364XX Camera USB device driver for the Linux \nkernel did not properly initialize memory. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-15217)", "edition": 7, "modified": "2020-03-25T00:00:00", "published": "2020-03-25T00:00:00", "id": "USN-4302-1", "href": "https://ubuntu.com/security/notices/USN-4302-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}]}